Univention Bugzilla – Bug 54398
expat: Multiple issues (4.4)
Last modified: 2022-02-02 16:40:29 CET
New Debian expat 2.2.0-2+deb9u4 fixes: This update addresses the following issues: * Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) * Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) * Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) * Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)
--- mirror/ftp/4.4/unmaintained/4.4-2/source/expat_2.2.0-2+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/expat_2.2.0-2+deb9u4.dsc @@ -1,3 +1,13 @@ +2.2.0-2+deb9u4 [Sun, 30 Jan 2022 17:51:06 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, + CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, + CVE-2022-23990 and CVE-2021-45960. + Multiple security vulnerabilities have been discovered in Expat, the XML + parsing C library. Integer overflows or invalid shifts may lead to a denial + of service or other unspecified impact. + 2.2.0-2+deb9u3 [Thu, 19 Sep 2019 23:43:05 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/4.4-8/#6398635680562262553>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 2c6fccbcd3 Bug #54398: expat 2.2.0-2+deb9u4 doc/errata/staging/expat.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1169>