Описание
Security update for expat
This update for expat fixes the following issues:
- CVE-2024-45492: Detect integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: Detect integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: Reject negative len for XML_ParseBuffer. (bsc#1229930)
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libexpat1-2.1.0-21.37.1
Container suse/sles12sp5:latest
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-BYOS
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-HPC-BYOS
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-HPC-On-Demand
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-SAP-BYOS
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-SAP-On-Demand
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-Standard-On-Demand
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-EC2-BYOS
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-EC2-ECS-On-Demand
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-EC2-On-Demand
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-EC2-SAP-BYOS
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-EC2-SAP-On-Demand
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-GCE-BYOS
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-GCE-On-Demand
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-GCE-SAP-BYOS
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-GCE-SAP-On-Demand
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
SUSE Linux Enterprise Server 12 SP5
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
libexpat1-32bit-2.1.0-21.37.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
expat-2.1.0-21.37.1
libexpat1-2.1.0-21.37.1
libexpat1-32bit-2.1.0-21.37.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libexpat-devel-2.1.0-21.37.1
Ссылки
- Link for SUSE-SU-2024:3182-1
- E-Mail link for SUSE-SU-2024:3182-1
- SUSE Security Ratings
- SUSE Bug 1229930
- SUSE Bug 1229931
- SUSE Bug 1229932
- SUSE CVE CVE-2024-45490 page
- SUSE CVE CVE-2024-45491 page
- SUSE CVE CVE-2024-45492 page
Описание
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.37.1
Container suse/sles12sp5:latest:libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-BYOS:expat-2.1.0-21.37.1
Image SLES12-SP5-Azure-BYOS:libexpat1-2.1.0-21.37.1
Ссылки
- CVE-2024-45490
- SUSE Bug 1229930
Описание
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.37.1
Container suse/sles12sp5:latest:libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-BYOS:expat-2.1.0-21.37.1
Image SLES12-SP5-Azure-BYOS:libexpat1-2.1.0-21.37.1
Ссылки
- CVE-2024-45491
- SUSE Bug 1229930
- SUSE Bug 1229931
Описание
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libexpat1-2.1.0-21.37.1
Container suse/sles12sp5:latest:libexpat1-2.1.0-21.37.1
Image SLES12-SP5-Azure-BYOS:expat-2.1.0-21.37.1
Image SLES12-SP5-Azure-BYOS:libexpat1-2.1.0-21.37.1
Ссылки
- CVE-2024-45492
- SUSE Bug 1229930
- SUSE Bug 1229932