Release Info

Advisory: CLSA-2022:1660757175

OS: CentOS 8.4 ELS

Public date: 2022-08-17 00:00:00

Project: expat

Version: 2.2.5-4.el8.tuxcare.els1

Errata link: https://errata.tuxcare.com/els_os/centos8.4els/CLSA-2022-1660757175.html

Changelog

- CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs
- CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution
- CVE-2022-25315: Fix integer overflow in storeRawNames()
- CVE-2022-22822: Fix integer overflow in addBinding()
- CVE-2022-22823: Fix integer overflow in build_model()
- CVE-2022-22824: Fix integer overflow in defineAttribute()
- CVE-2022-22825: Fix integer overflow in lookup()
- CVE-2022-22826: Fix integer overflow in nextScaffoldPart()
- CVE-2022-22827: Fix integer overflow in storeAtts()
- CVE-2022-23852: Fix integer overflow in XML_GetBuffer()
- CVE-2021-46143: Fix integer overflow on m_groupSize in doProlog()
- CVE-2021-45960: Fix troublesome left shifts in storeAtts()
- CVE-2022-23990: Fix integer overflow in doProlog()
- CVE-2022-25313: Fix stack exhaustion in build_model()
- CVE-2022-25314: Fix integer overflow in copyString()

Update

Update command: dnf update expat*

Packages list

expat-static-2.2.5-4.el8.tuxcare.els1.x86_64.rpm
expat-2.2.5-4.el8.tuxcare.els1.i686.rpm
expat-devel-2.2.5-4.el8.tuxcare.els1.x86_64.rpm
expat-2.2.5-4.el8.tuxcare.els1.x86_64.rpm
expat-devel-2.2.5-4.el8.tuxcare.els1.i686.rpm

CVEs

CVE-2022-23990
CVE-2022-25313
CVE-2022-25315
CVE-2021-46143
CVE-2022-22827
CVE-2022-22822
CVE-2022-23852
CVE-2022-22825
CVE-2021-45960
CVE-2022-25314
CVE-2022-22823
CVE-2022-25236
CVE-2022-25235
CVE-2022-22824
CVE-2022-22826