Description:
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages:
-
expat-devel-2.2.5-8.el8_6.2.x86_64.rpm
-
expat-2.2.5-8.el8_6.2.x86_64.rpm
-
expat-2.2.5-8.el8_6.2.i686.rpm
-
expat-2.2.5-8.el8_6.2.aarch64.rpm
-
expat-devel-2.2.5-8.el8_6.2.aarch64.rpm
-
expat-2.2.5-8.el8_6.2.ppc64le.rpm
-
expat-devel-2.2.5-8.el8_6.2.ppc64le.rpm