Univention Bugzilla – Bug 54448
expat: Multiple issues (5.0)
Last modified: 2022-02-16 12:07:15 CET
New Debian expat 2.2.6-2+deb10u2 fixes: This update addresses the following issues: * Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) * Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) * Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) * Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)
--- mirror/ftp/pool/main/e/expat/expat_2.2.6-2+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/expat_2.2.6-2+deb10u2.dsc @@ -1,3 +1,16 @@ +2.2.6-2+deb10u2 [Wed, 09 Feb 2022 15:18:06 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * lib: Detect and prevent troublesome left shifts in function storeAtts + (CVE-2021-45960) (Closes: #1002994) + * lib: Prevent integer overflow on m_groupSize in function doProlog + (CVE-2021-46143) + * lib: Prevent integer overflow at multiple places (CVE-2022-22822, + CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, + CVE-2022-22827) (Closes: #1003474) + * lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852) + * lib: Prevent integer overflow in doProlog (CVE-2022-23990) + 2.2.6-2+deb10u1 [Thu, 19 Sep 2019 23:13:41 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-1/#1674530332000788966>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-1] b36b99bce9 Bug #54448: expat 2.2.6-2+deb10u2 doc/errata/staging/expat.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x219>