Slackware: 2022-263-01: expat Security Update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  expat (SSA:2022-263-01)

New expat packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix a security issue.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/expat-2.4.9-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Heap use-after-free vulnerability in function doContent. Expected impact is
  denial of service or potentially arbitrary code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.4.3-i486-7_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.4.3-x86_64-7_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.4.3-i486-7_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.4.3-x86_64-7_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.4.3-i586-7_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.4.3-x86_64-7_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.4.9-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.4.9-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.4.9-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
8875d0a7ef12b8b874e0c7a8f3daec23  expat-2.4.3-i486-7_slack14.0.txz

Slackware x86_64 14.0 package:
54c5c55709bf30f4f1c25b058e0e9dc0  expat-2.4.3-x86_64-7_slack14.0.txz

Slackware 14.1 package:
415fb2239e9bf331a113fa5a969f54f6  expat-2.4.3-i486-7_slack14.1.txz

Slackware x86_64 14.1 package:
7d2cddd0b8f59955c015fd816b27f1cf  expat-2.4.3-x86_64-7_slack14.1.txz

Slackware 14.2 package:
afefed8cbde7f834e8ce26bed09942b3  expat-2.4.3-i586-7_slack14.2.txz

Slackware x86_64 14.2 package:
b4275c9656969751a44d04babbbffdbd  expat-2.4.3-x86_64-7_slack14.2.txz

Slackware 15.0 package:
3e20a4c46f535008c74bafa0c6e0ce4b  expat-2.4.9-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
f92b2727f730ace64518e86f62540b74  expat-2.4.9-x86_64-1_slack15.0.txz

Slackware -current package:
61b854ca80084f8d10756696c385108c  l/expat-2.4.9-i586-1.txz

Slackware x86_64 -current package:
4367548913891639223cdccf9fac2827  l/expat-2.4.9-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg expat-2.4.9-i586-1_slack15.0.txz


+-----+

Slackware: 2022-263-01: expat Security Update

September 20, 2022
New expat packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.4.9-i586-1_slack15.0.txz: Upgraded. This update fixes a security issue: Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.4.3-i486-7_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.4.3-x86_64-7_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.4.3-i486-7_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.4.3-x86_64-7_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.4.3-i586-7_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.4.3-x86_64-7_slack14.2.txz
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.4.9-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.4.9-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.4.9-x86_64-1.txz

MD5 Signatures

Slackware 14.0 package: 8875d0a7ef12b8b874e0c7a8f3daec23 expat-2.4.3-i486-7_slack14.0.txz
Slackware x86_64 14.0 package: 54c5c55709bf30f4f1c25b058e0e9dc0 expat-2.4.3-x86_64-7_slack14.0.txz
Slackware 14.1 package: 415fb2239e9bf331a113fa5a969f54f6 expat-2.4.3-i486-7_slack14.1.txz
Slackware x86_64 14.1 package: 7d2cddd0b8f59955c015fd816b27f1cf expat-2.4.3-x86_64-7_slack14.1.txz
Slackware 14.2 package: afefed8cbde7f834e8ce26bed09942b3 expat-2.4.3-i586-7_slack14.2.txz
Slackware x86_64 14.2 package: b4275c9656969751a44d04babbbffdbd expat-2.4.3-x86_64-7_slack14.2.txz
Slackware 15.0 package: 3e20a4c46f535008c74bafa0c6e0ce4b expat-2.4.9-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: f92b2727f730ace64518e86f62540b74 expat-2.4.9-x86_64-1_slack15.0.txz
Slackware -current package: 61b854ca80084f8d10756696c385108c l/expat-2.4.9-i586-1.txz
Slackware x86_64 -current package: 4367548913891639223cdccf9fac2827 l/expat-2.4.9-x86_64-1.txz

Severity
[slackware-security] expat (SSA:2022-263-01)
New expat packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg expat-2.4.9-i586-1_slack15.0.txz

News

Advisories

HOWTOs

Features

History of Malware on Linux and What's Being Done to Stop It
A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy