[ELSA-2022-0951] expat security update

Severity Important
Affected Packages 2
CVEs 12

[2.2.5-4.3]
- Improve fix for CVE-2022-25236
- Related: CVE-2022-25236

[2.2.5-4.2]
- Fix multiple CVEs
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315

[2.2.5-4.1]
- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
- Resolves: CVE-2022-23852
- Resolves: CVE-2021-45960
- Resolves: CVE-2021-46143
- Resolves: CVE-2022-22827
- Resolves: CVE-2022-22826
- Resolves: CVE-2022-22825
- Resolves: CVE-2022-22824
- Resolves: CVE-2022-22823
- Resolves: CVE-2022-22822

ID ELSA-2022-0951
Severity important
URL https://linux.oracle.com/errata/ELSA-2022-0951.html
Published 2022-03-16T00:00:00
Modified 2022-03-16T00:00:00
Rights Copyright 2022 Oracle, Inc.
Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:rpm/oraclelinux/expat?distro=oraclelinux-8.5 | oraclelinux | expat | < 2.2.5-4.el8_5.3 | oraclelinux-8.5 | |
Affected | pkg:rpm/oraclelinux/expat-devel?distro=oraclelinux-8.5 | oraclelinux | expat-devel | < 2.2.5-4.el8_5.3 | oraclelinux-8.5 | |