SUSE-SU-2022:0179-1

Published: 25 Jan 2022
Source: suse-cvrf

Description

Security update for expat

This update for expat fixes the following issues:

  • CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
  • CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
  • CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
  • CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
  • CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
  • CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
  • CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
  • CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).

Package list

Container suse/ltss/sle12.5/sles12sp5:latest
libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest
libexpat1-2.1.0-21.12.1
Container suse/sles12sp5:latest
libexpat1-2.1.0-21.12.1
HPE Helion OpenStack 8
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
Image SLES12-SP4-Azure-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-EC2-HVM-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-GCE-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-SAP-Azure
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-SAP-Azure-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-SAP-EC2-HVM
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-SAP-GCE
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP4-SAP-GCE-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-Azure-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-Azure-Basic-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-Azure-HPC-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-Azure-HPC-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-Azure-SAP-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-Azure-SAP-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-Azure-Standard-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-EC2-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-EC2-ECS-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-EC2-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-EC2-SAP-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-EC2-SAP-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-GCE-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-GCE-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-GCE-SAP-BYOS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-GCE-SAP-On-Demand
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
SUSE Linux Enterprise Server 12 SP2-BCL
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE Linux Enterprise Server 12 SP3-BCL
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE Linux Enterprise Server 12 SP3-LTSS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE Linux Enterprise Server 12 SP4-LTSS
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE Linux Enterprise Server 12 SP5
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libexpat-devel-2.1.0-21.12.1
SUSE OpenStack Cloud 8
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE OpenStack Cloud 9
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE OpenStack Cloud Crowbar 8
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1
SUSE OpenStack Cloud Crowbar 9
expat-2.1.0-21.12.1
libexpat1-2.1.0-21.12.1
libexpat1-32bit-2.1.0-21.12.1

Description

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest:expat-2.1.0-21.12.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.12.1

Description

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest:expat-2.1.0-21.12.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.12.1

Description

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest:expat-2.1.0-21.12.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.12.1

Description

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest:expat-2.1.0-21.12.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.12.1

Description

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest:expat-2.1.0-21.12.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.12.1

Description

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest:expat-2.1.0-21.12.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.12.1

Description

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest:expat-2.1.0-21.12.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.12.1

Description

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp3:latest:expat-2.1.0-21.12.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.12.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.12.1

References
Vulnerability SUSE-SU-2022:0179-1