Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 546
Alerts This Week
Warning Icon 1 546

Mageia 9: 2024-0294 Critical XML Parsing Security Advisory

mageia
Calendar Grey September 11, 2024
Scroller Mageia Esm H88
Mageia unveils critical enhancements for expat libraries addressing major security vulnerabilities and complications tied to XML processing.
An issue was discovered in libexpat before 2.6.3

Summary

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491) An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492)

References

- https://bugs.mageia.org/show_bug.cgi?id=33547

- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.351556

- https://www.cve.org/CVERecord?id=CVE-2024-45490

- https://www.cve.org/CVERecord?id=CVE-2024-45491

- https://www.cve.org/CVERecord?id=CVE-2024-45492

Resolution

SRPMS

- 9/core/expat-2.6.3-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 11 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0294.html
Type: security
CVE: CVE-2024-45490, CVE-2024-45491, CVE-2024-45492

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.