exploitDog

ELSA-2023-0103

Published: 12 Jan 2023
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2023-0103: expat security update (MODERATE)

[2.2.5-10.0.1]

  • lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314]

[2.2.5-10.1]

  • CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
  • Resolves: CVE-2022-43680

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • expat: 2.2.5-10.0.1.el8_7.1
  • expat-devel: 2.2.5-10.0.1.el8_7.1

Oracle Linux x86_64

  • expat: 2.2.5-10.0.1.el8_7.1
  • expat-devel: 2.2.5-10.0.1.el8_7.1

Related CVEs

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVSS3: 7.5
redhat
more than 2 years ago

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVSS3: 7.5
nvd
more than 2 years ago

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVSS3: 7.5
msrc
more than 2 years ago

No description available

CVSS3: 7.5
debian
more than 2 years ago

In libexpat through 2.4.9, there is a use-after free caused by overeag ...