Описание
Security update for expat
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
expat-2.0.1-88.42.12.1
libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS
expat-2.0.1-88.42.12.1
libexpat1-2.0.1-88.42.12.1
libexpat1-32bit-2.0.1-88.42.12.1
Ссылки
- Link for SUSE-SU-2022:14878-1
- E-Mail link for SUSE-SU-2022:14878-1
- SUSE Security Ratings
- SUSE Bug 1194251
- SUSE Bug 1194362
- SUSE Bug 1194474
- SUSE Bug 1194476
- SUSE Bug 1194477
- SUSE Bug 1194478
- SUSE Bug 1194479
- SUSE Bug 1194480
- SUSE CVE CVE-2021-45960 page
- SUSE CVE CVE-2021-46143 page
- SUSE CVE CVE-2022-22822 page
- SUSE CVE CVE-2022-22823 page
- SUSE CVE CVE-2022-22824 page
- SUSE CVE CVE-2022-22825 page
- SUSE CVE CVE-2022-22826 page
- SUSE CVE CVE-2022-22827 page
Описание
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1
Ссылки
- CVE-2021-45960
- SUSE Bug 1194251
Описание
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1
Ссылки
- CVE-2021-46143
- SUSE Bug 1194362
- SUSE Bug 1195327
- SUSE Bug 1196387
- SUSE Bug 1200038
- SUSE Bug 1200198
Описание
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1
Ссылки
- CVE-2022-22822
- SUSE Bug 1194474
- SUSE Bug 1195327
- SUSE Bug 1200038
- SUSE Bug 1200198
Описание
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1
Ссылки
- CVE-2022-22823
- SUSE Bug 1194476
- SUSE Bug 1195327
- SUSE Bug 1200038
- SUSE Bug 1200198
Описание
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1
Ссылки
- CVE-2022-22824
- SUSE Bug 1194477
- SUSE Bug 1195327
- SUSE Bug 1200038
- SUSE Bug 1200198
Описание
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1
Ссылки
- CVE-2022-22825
- SUSE Bug 1194478
- SUSE Bug 1195327
- SUSE Bug 1200038
- SUSE Bug 1200198
Описание
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1
Ссылки
- CVE-2022-22826
- SUSE Bug 1194479
- SUSE Bug 1195327
- SUSE Bug 1200038
- SUSE Bug 1200198
Описание
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1
Ссылки
- CVE-2022-22827
- SUSE Bug 1194480
- SUSE Bug 1195327
- SUSE Bug 1200038
- SUSE Bug 1200198