ELSA-2022-0951

ELSA-2022-0951 - expat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2022-03-16

Description

[2.2.5-4.3]
- Improve fix for CVE-2022-25236
- Related: CVE-2022-25236

[2.2.5-4.2]
- Fix multiple CVEs
- Resolves: CVE-2022-25236
- Resolves: CVE-2022-25235
- Resolves: CVE-2022-25315

[2.2.5-4.1]
- Fix multiple CVEs
- CVE-2022-23852 expat: integer overflow in function XML_GetBuffer
- CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat
- CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c
- CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c
- CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c
- CVE-2022-22825 Integer overflow in lookup in xmlparse.c
- CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c
- CVE-2022-22823 Integer overflow in build_model in xmlparse.c
- CVE-2022-22822 Integer overflow in addBinding in xmlparse.c
- Resolves: CVE-2022-23852
- Resolves: CVE-2021-45960
- Resolves: CVE-2021-46143
- Resolves: CVE-2022-22827
- Resolves: CVE-2022-22826
- Resolves: CVE-2022-22825
- Resolves: CVE-2022-22824
- Resolves: CVE-2022-22823
- Resolves: CVE-2022-22822

Related CVEs

CVE-2022-25235

CVE-2022-22825

CVE-2022-22823

CVE-2022-23852

CVE-2021-45960

CVE-2021-46143

CVE-2022-22822

CVE-2022-22824

CVE-2022-22826

CVE-2022-25236

CVE-2022-22827

CVE-2022-25315

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	expat-2.2.5-4.el8_5.3.src.rpm	00f83a1e65b17ae6520cdad8995875cc38c4dca5d7e7ec46ae88503c9b9e13d1	-	ol8_aarch64_baseos_latest
	expat-2.2.5-4.el8_5.3.src.rpm	00f83a1e65b17ae6520cdad8995875cc38c4dca5d7e7ec46ae88503c9b9e13d1	-	ol8_aarch64_u5_baseos_patch
	expat-2.2.5-4.el8_5.3.aarch64.rpm	50b7f3be8b499674a1cef146f501effc8e3d3c48bbf69c9726eca5d3fe4c534e	-	ol8_aarch64_baseos_latest
	expat-2.2.5-4.el8_5.3.aarch64.rpm	50b7f3be8b499674a1cef146f501effc8e3d3c48bbf69c9726eca5d3fe4c534e	-	ol8_aarch64_u5_baseos_patch
	expat-devel-2.2.5-4.el8_5.3.aarch64.rpm	52874c38d2e588091993f8474134a91bda66f4768afe83df4be1e383f6e22ca1	-	ol8_aarch64_baseos_latest
	expat-devel-2.2.5-4.el8_5.3.aarch64.rpm	52874c38d2e588091993f8474134a91bda66f4768afe83df4be1e383f6e22ca1	-	ol8_aarch64_u5_baseos_patch
Oracle Linux 8 (x86_64)	expat-2.2.5-4.el8_5.3.src.rpm	00f83a1e65b17ae6520cdad8995875cc38c4dca5d7e7ec46ae88503c9b9e13d1	-	ol8_x86_64_baseos_latest
	expat-2.2.5-4.el8_5.3.src.rpm	00f83a1e65b17ae6520cdad8995875cc38c4dca5d7e7ec46ae88503c9b9e13d1	-	ol8_x86_64_u5_baseos_patch
	expat-2.2.5-4.el8_5.3.i686.rpm	8ce6d16b05223ba4c864181b8318d614960e0562627f35ba5cfba3341b8589b9	-	ol8_x86_64_baseos_latest
	expat-2.2.5-4.el8_5.3.i686.rpm	8ce6d16b05223ba4c864181b8318d614960e0562627f35ba5cfba3341b8589b9	-	ol8_x86_64_u5_baseos_patch
	expat-2.2.5-4.el8_5.3.x86_64.rpm	28642b25a359a9b5ac89be2315474ea28deff0bc33731fde98af83449da60383	-	ol8_x86_64_baseos_latest
	expat-2.2.5-4.el8_5.3.x86_64.rpm	28642b25a359a9b5ac89be2315474ea28deff0bc33731fde98af83449da60383	-	ol8_x86_64_u5_baseos_patch
	expat-devel-2.2.5-4.el8_5.3.i686.rpm	b16b332ed272a897560f48857aefdf5483a59f44ae379348a9acb515b792f47b	-	ol8_x86_64_baseos_latest
	expat-devel-2.2.5-4.el8_5.3.i686.rpm	b16b332ed272a897560f48857aefdf5483a59f44ae379348a9acb515b792f47b	-	ol8_x86_64_u5_baseos_patch
	expat-devel-2.2.5-4.el8_5.3.x86_64.rpm	b47dce235e8b9172045baa66372eb060fd491391a8ef89b0a679734819ed3458	-	ol8_x86_64_baseos_latest
	expat-devel-2.2.5-4.el8_5.3.x86_64.rpm	b47dce235e8b9172045baa66372eb060fd491391a8ef89b0a679734819ed3458	-	ol8_x86_64_u5_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team