ELSA-2022-1069

ULN >
Oracle Linux Errata repository >
ELSA-2022-1069

ELSA-2022-1069 - expat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2022-03-28

Description

[2.1.0-14.0.1]
- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302]

[2.1.0-14]
- Fix multiple CVEs
- CVE-2022-25236 expat: namespace-separator characters in 'xmlns[:prefix]' attribute values can lead to arbitrary code execution
- CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25315 expat: integer overflow in storeRawNames()
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315

[2.1.0-13]
- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
- Resolves: CVE-2022-23852
- Resolves: CVE-2021-45960
- Resolves: CVE-2021-46143
- Resolves: CVE-2022-22827
- Resolves: CVE-2022-22826
- Resolves: CVE-2022-22825
- Resolves: CVE-2022-22824
- Resolves: CVE-2022-22823
- Resolves: CVE-2022-22822

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	expat-2.1.0-14.0.1.el7_9.src.rpm	6b376ecce995e9de865967c1bf0f6e714c5e5408b5496fb19ef8cc29eb676d23	ELSA-2022-6834	ol7_aarch64_latest
	expat-2.1.0-14.0.1.el7_9.src.rpm	6b376ecce995e9de865967c1bf0f6e714c5e5408b5496fb19ef8cc29eb676d23	ELSA-2022-6834	ol7_aarch64_optional_latest
	expat-2.1.0-14.0.1.el7_9.src.rpm	6b376ecce995e9de865967c1bf0f6e714c5e5408b5496fb19ef8cc29eb676d23	ELSA-2022-6834	ol7_aarch64_u9_patch
	expat-2.1.0-14.0.1.el7_9.aarch64.rpm	0d07fceddd2ffb49e85e9a9a010f8c99eabc1a86360bf7aa0ab4e4941a8029ec	ELSA-2022-6834	ol7_aarch64_latest
	expat-2.1.0-14.0.1.el7_9.aarch64.rpm	0d07fceddd2ffb49e85e9a9a010f8c99eabc1a86360bf7aa0ab4e4941a8029ec	ELSA-2022-6834	ol7_aarch64_u9_patch
	expat-devel-2.1.0-14.0.1.el7_9.aarch64.rpm	6ee6854f206c088f483b81dcd6d79b0486ddff396053405c73f6bfd8686b48c6	ELSA-2022-6834	ol7_aarch64_latest
	expat-devel-2.1.0-14.0.1.el7_9.aarch64.rpm	6ee6854f206c088f483b81dcd6d79b0486ddff396053405c73f6bfd8686b48c6	ELSA-2022-6834	ol7_aarch64_u9_patch
	expat-static-2.1.0-14.0.1.el7_9.aarch64.rpm	3e54c93927a6c0a9eeb7c7c22a4013dba2a172dd52926c117626459082cb6835	ELSA-2022-6834	ol7_aarch64_optional_latest

Oracle Linux 7 (x86_64)	expat-2.1.0-14.0.1.el7_9.src.rpm	6b376ecce995e9de865967c1bf0f6e714c5e5408b5496fb19ef8cc29eb676d23	ELSA-2022-6834	ol7_x86_64_latest
	expat-2.1.0-14.0.1.el7_9.src.rpm	6b376ecce995e9de865967c1bf0f6e714c5e5408b5496fb19ef8cc29eb676d23	ELSA-2022-6834	ol7_x86_64_optional_latest
	expat-2.1.0-14.0.1.el7_9.src.rpm	6b376ecce995e9de865967c1bf0f6e714c5e5408b5496fb19ef8cc29eb676d23	ELSA-2022-6834	ol7_x86_64_u9_patch
	expat-2.1.0-14.0.1.el7_9.i686.rpm	ae76a4b8eaf4cbb97b3a403419c9d8fe47e4798b62afa1cc695e7b56b6881f13	ELSA-2022-6834	ol7_x86_64_latest
	expat-2.1.0-14.0.1.el7_9.i686.rpm	ae76a4b8eaf4cbb97b3a403419c9d8fe47e4798b62afa1cc695e7b56b6881f13	ELSA-2022-6834	ol7_x86_64_u9_patch
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_20.1.21.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_20.1.22.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_21.2.11.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_21.2.12.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_21.2.13.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_21.2.14.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_21.2.15.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_21.2.16.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_22.1.0.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_22.1.1.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_22.1.2.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	exadata_dbserver_22.1.3.0.0_x86_64_base
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	ol7_x86_64_latest
	expat-2.1.0-14.0.1.el7_9.x86_64.rpm	df53d44827902a947dd04c1871dfa7dbcf1cf37e6ba0b3dad004ada2365145a9	ELSA-2022-6834	ol7_x86_64_u9_patch
	expat-devel-2.1.0-14.0.1.el7_9.i686.rpm	0aeed2726c8e5f2e170f62d4d55bee3ae764022b1dbdb06deb34d0f312e4ac44	ELSA-2022-6834	ol7_x86_64_latest
	expat-devel-2.1.0-14.0.1.el7_9.i686.rpm	0aeed2726c8e5f2e170f62d4d55bee3ae764022b1dbdb06deb34d0f312e4ac44	ELSA-2022-6834	ol7_x86_64_u9_patch
	expat-devel-2.1.0-14.0.1.el7_9.x86_64.rpm	65d2e9f632d07fcdab564f636ced343bd734f0aca9a56a6746b586d76255b138	ELSA-2022-6834	ol7_x86_64_latest
	expat-devel-2.1.0-14.0.1.el7_9.x86_64.rpm	65d2e9f632d07fcdab564f636ced343bd734f0aca9a56a6746b586d76255b138	ELSA-2022-6834	ol7_x86_64_u9_patch
	expat-static-2.1.0-14.0.1.el7_9.i686.rpm	0629f772e9e9de1ad9798820143182d0ee9e526f4f190a2c83f27bff947431eb	ELSA-2022-6834	ol7_x86_64_optional_latest
	expat-static-2.1.0-14.0.1.el7_9.x86_64.rpm	7c2bf13c81c12e1bb0eca2fd908740a5ac478458e419731f3f13328c20efae71	ELSA-2022-6834	ol7_x86_64_optional_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691