Описание
Security update for expat
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
Список пакетов
openSUSE Leap 15.3
expat-2.2.5-3.12.1
libexpat-devel-2.2.5-3.12.1
libexpat-devel-32bit-2.2.5-3.12.1
libexpat1-2.2.5-3.12.1
libexpat1-32bit-2.2.5-3.12.1
Ссылки
- E-Mail link for openSUSE-SU-2022:0498-1
- SUSE Security Ratings
- SUSE Bug 1195054
- SUSE Bug 1195217
- SUSE CVE CVE-2022-23852 page
- SUSE CVE CVE-2022-23990 page
Описание
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Затронутые продукты
openSUSE Leap 15.3:expat-2.2.5-3.12.1
openSUSE Leap 15.3:libexpat-devel-2.2.5-3.12.1
openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.12.1
openSUSE Leap 15.3:libexpat1-2.2.5-3.12.1
Ссылки
- CVE-2022-23852
- SUSE Bug 1195054
- SUSE Bug 1196480
- SUSE Bug 1200038
- SUSE Bug 1200198
Описание
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Затронутые продукты
openSUSE Leap 15.3:expat-2.2.5-3.12.1
openSUSE Leap 15.3:libexpat-devel-2.2.5-3.12.1
openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.12.1
openSUSE Leap 15.3:libexpat1-2.2.5-3.12.1
Ссылки
- CVE-2022-23990
- SUSE Bug 1195217
- SUSE Bug 1196480
- SUSE Bug 1200038
- SUSE Bug 1200198