expat-2.2.5-15.el8_10

エラータID: AXSA:2024-8843:06

Release date: 
Thursday, September 26, 2024 - 15:41
Subject: 
expat-2.2.5-15.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Expat is a C library for parsing XML documents.

Security Fix(es):

* libexpat: Negative Length Parsing Vulnerability in libexpat (CVE-2024-45490)
* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)
* libexpat: integer overflow (CVE-2024-45492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Solution: 

Update packages.

CVEs: 
CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Additional Info: 

N/A

Download: 

SRPMS
  1. expat-2.2.5-15.el8_10.src.rpm
    MD5: d06c1381b3ed13849cc3784a6a8faedb
    SHA-256: ace2b61fb05bd8e4801dafe0dfead5a2fd976b0b74155e3178687d56416723bf
    Size: 7.94 MB

Asianux Server 8 for x86_64
  1. expat-2.2.5-15.el8_10.i686.rpm
    MD5: b44f8444a166eb6da7f3e99d2d6fa710
    SHA-256: f3d436129e30eaea9ad66098c41cebd7982dccf6585694c990b2f6d4d3e36e24
    Size: 113.08 kB
  2. expat-2.2.5-15.el8_10.x86_64.rpm
    MD5: fd630a8c3e3526a0821f99e3c914ac88
    SHA-256: 3019476f3a4096420b7d67ff3d6fa82edf76f6c7a352889583a6f7584346e547
    Size: 113.30 kB
  3. expat-devel-2.2.5-15.el8_10.i686.rpm
    MD5: 8aa6bf8016149c65c06ac20ad8341fdc
    SHA-256: 98627bdae374c12bd123f58d0a26c03dfb0897cfeb111eb80ba3061ccd0c9db5
    Size: 57.18 kB
  4. expat-devel-2.2.5-15.el8_10.x86_64.rpm
    MD5: cf31fe1211d4ff96efb2318d78ba6a5c
    SHA-256: d28eb8d23716f93d3799cd23af1ea219aa3e136ef7354ea7b180ffa65b141a14
    Size: 57.17 kB