openSUSE: 2022:0713-1 important: expat
Description
This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-713=1
Package List
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - openSUSE Leap 15.3 (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat-devel-32bit-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1
References
https://www.suse.com/security/cve/CVE-2022-25235.html https://www.suse.com/security/cve/CVE-2022-25236.html https://www.suse.com/security/cve/CVE-2022-25313.html https://www.suse.com/security/cve/CVE-2022-25314.html https://www.suse.com/security/cve/CVE-2022-25315.html https://bugzilla.suse.com/1196025 https://bugzilla.suse.com/1196026 https://bugzilla.suse.com/1196168 https://bugzilla.suse.com/1196169 https://bugzilla.suse.com/1196171