Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Slackware: 2022-025-01 Critical: Expat Denial of Service Issue

slackware
Calendar Grey January 25, 2022
Dist Slackware Esm H88
Recent updates for Expat packages in Slackware address a major security vulnerability tied to DoS attacks and integer overflows, promoting system reliability.
New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/expat-2.4.3-i586-2_slack14.2.txz: Rebuilt. Fix signed integer overflow in function XML_GetBuffer for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or other undefined behavior. While we're here, also patch a memory leak on output file opening error. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-23852 (* Security fix *)

Topics%20covered

Topics Covered

security advisory denial of service package update security fix slackware integer overflow expat

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 1bda5041fea19b564c74a1d904721fd3 expat-2.4.3-i486-2_slack14.0.txz
Slackware x86_64 14.0 package: edc9ce5fcd5393b7806140b2b6759852 expat-2.4.3-x86_64-2_slack14.0.txz
Slackware 14.1 package: 5152826a7d292323f2edbed7afbb6009 expat-2.4.3-i486-2_slack14.1.txz
Slackware x86_64 14.1 package: aade76682306bbd4d3d567c24baee356 expat-2.4.3-x86_64-2_slack14.1.txz
Slackware 14.2 package: a0006a84edde673ab94d1bc0019ea44a expat-2.4.3-i586-2_slack14.2.txz
Slackware x86_64 14.2 package: fd33a06ccabea1ea6f055a9ce3c6299a expat-2.4.3-x86_64-2_slack14.2.txz
Slackware -current package: 166399ce3b3039af847b69530d9b3d85 l/expat-2.4.3-i586-2.txz
Slackware x86_64 -current package: 1ffcf40e732985f9798a84aaf97c03b0 l/expat-2.4.3-x86_64-2.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory denial of service package update security fix slackware integer overflow expat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg expat-2.4.3-i586-2_slack14.2.txz

Related News

Your message here