Описание
Security update for expat
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libexpat1-2.1.0-21.18.1
Container suse/sles12sp3:latest
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Container suse/sles12sp4:latest
libexpat1-2.1.0-21.18.1
Container suse/sles12sp5:latest
libexpat1-2.1.0-21.18.1
HPE Helion OpenStack 8
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
Image SLES12-SP4-Azure-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP4-SAP-Azure-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP4-SAP-EC2-HVM
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-Azure-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-Azure-Basic-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-Azure-HPC-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-Azure-HPC-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-Azure-SAP-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-Azure-SAP-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-Azure-Standard-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-EC2-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-EC2-ECS-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-EC2-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-EC2-SAP-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-EC2-SAP-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-GCE-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-GCE-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-GCE-SAP-BYOS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-GCE-SAP-On-Demand
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
SUSE Linux Enterprise Server 12 SP2-BCL
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE Linux Enterprise Server 12 SP3-BCL
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE Linux Enterprise Server 12 SP3-LTSS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE Linux Enterprise Server 12 SP4-LTSS
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE Linux Enterprise Server 12 SP5
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libexpat-devel-2.1.0-21.18.1
SUSE OpenStack Cloud 8
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE OpenStack Cloud 9
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE OpenStack Cloud Crowbar 8
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
SUSE OpenStack Cloud Crowbar 9
expat-2.1.0-21.18.1
libexpat1-2.1.0-21.18.1
libexpat1-32bit-2.1.0-21.18.1
Ссылки
- Link for SUSE-SU-2022:0698-1
- E-Mail link for SUSE-SU-2022:0698-1
- SUSE Security Ratings
- SUSE Bug 1196025
- SUSE Bug 1196026
- SUSE Bug 1196168
- SUSE Bug 1196169
- SUSE Bug 1196171
- SUSE CVE CVE-2022-25235 page
- SUSE CVE CVE-2022-25236 page
- SUSE CVE CVE-2022-25313 page
- SUSE CVE CVE-2022-25314 page
- SUSE CVE CVE-2022-25315 page
Описание
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp3:latest:expat-2.1.0-21.18.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.18.1
Ссылки
- CVE-2022-25235
- SUSE Bug 1196026
- SUSE Bug 1197217
- SUSE Bug 1198587
- SUSE Bug 1200038
- SUSE Bug 1200198
- SUSE Bug 1201735
Описание
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp3:latest:expat-2.1.0-21.18.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.18.1
Ссылки
- CVE-2022-25236
- SUSE Bug 1196025
- SUSE Bug 1196784
- SUSE Bug 1197217
- SUSE Bug 1200038
- SUSE Bug 1201735
Описание
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp3:latest:expat-2.1.0-21.18.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.18.1
Ссылки
- CVE-2022-25313
- SUSE Bug 1196168
Описание
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp3:latest:expat-2.1.0-21.18.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.18.1
Ссылки
- CVE-2022-25314
- SUSE Bug 1196169
- SUSE Bug 1197217
- SUSE Bug 1198587
- SUSE Bug 1199096
- SUSE Bug 1200038
- SUSE Bug 1200198
Описание
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp3:latest:expat-2.1.0-21.18.1
Container suse/sles12sp3:latest:libexpat1-2.1.0-21.18.1
Container suse/sles12sp4:latest:libexpat1-2.1.0-21.18.1
Ссылки
- CVE-2022-25315
- SUSE Bug 1196171
- SUSE Bug 1197217
- SUSE Bug 1198587
- SUSE Bug 1200038
- SUSE Bug 1200198
- SUSE Bug 1201735