Описание
ELSA-2022-6878: expat security update (IMPORTANT)
[2.2.5-8.0.1.3]
- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314]
[2.2.5-8.3]
- Ensure raw tagnames are safe exiting internalEntityParser
- Resolves: CVE-2022-40674
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
expat
2.2.5-8.0.1.el8_6.3
expat-devel
2.2.5-8.0.1.el8_6.3
Oracle Linux x86_64
expat
2.2.5-8.0.1.el8_6.3
expat-devel
2.2.5-8.0.1.el8_6.3
Связанные CVE
Связанные уязвимости
CVSS3: 8.1
ubuntu
почти 3 года назад
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVSS3: 8.1
redhat
почти 3 года назад
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVSS3: 8.1
nvd
почти 3 года назад
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVSS3: 8.1
debian
почти 3 года назад
libexpat before 2.4.9 has a use-after-free in the doContent function i ...