1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5236-1] expat security update

    From Salvatore Bonaccorso@21:1/5 to All on Thu Sep 22 22:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5236-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 22, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : expat
    CVE ID : CVE-2022-40674
    Debian Bug : 1019761

    Rhodri James discovered a heap use-after-free vulnerability in the
    doContent function in Expat, an XML parsing C library, which could
    result in denial of service or potentially the execution of arbitrary
    code, if a malformed XML file is processed.

    For the stable distribution (bullseye), this problem has been fixed in
    version 2.2.10-2+deb11u4.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMswX5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S/8Q//fGZXIhVvGp/MCAlvkFtooR1PDtteATpnqNqxC80S2CbP89Te7qMajS5d WpfotIGIMm3HBi/gZf1Cn778TQBijdWBR5cvcf1zV6EmInpSkKUt8miGKQ91YGig /8CnVwnzxSTSlaxaAbC6OqKW6FK9r0U2b7vlOw4z2NjhBclNMvk9tP6iWi8+iQgR jz4mqygHdY/aoaOLKAEKXdmzV3MOwv/Kk4qeSAKU9CtPya2KUEos3qLrGVOjQXqN /RCZzW/YYn3DhPmDGqoSMw8LIh29CML0CtV46Ojz/YI4PtryF0i0gC3cF5w2OnjA Xr46sMqLw2XvqXtcjqfRtX1pcHtiqhGvhBYZh1CRc04YtMIXIeLtVY0vKzgZaUze vN1tNtacuGoXaGN5I2IqSbufTvaPOGwJ/IG9mOrSXrPQ4g/meWAVIoMTqdCv6Min VFxaNHrfmNcVWrgwA+1+RX8iciN76Q3p/evgbs0RBaXZAfrhj4jqa7nfedfr5iNx BCjVe4y1MyfUfLx96B5OLX9eR/Zx/h6cQiqSjZfY4qxbwiDlvmUVrphg3EzaTZr4 u4VvOVw6BHpy0hWHYLHu8bfPmWarV6m5zdYnxSWgusimzZjtJXc30N0Jl0BmO07P UaKoRg3O8Pb0Ijq+2g8q0hV4RzCxdOx7g2/p2peorDcq/KgvxvY=
    =tg+s
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)