Slackware: 2022-298-01: expat Security Update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  expat (SSA:2022-298-01)

New expat packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix a security issue.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/expat-2.5.0-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix heap use-after-free after overeager destruction of a shared DTD in
  function XML_ExternalEntityParserCreate in out-of-memory situations.
  Expected impact is denial of service or potentially arbitrary code
  execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.4.3-i486-8_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.4.3-x86_64-8_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.4.3-i486-8_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.4.3-x86_64-8_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.4.3-i586-8_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.4.3-x86_64-8_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.5.0-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.5.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.5.0-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
0fd2ba3c6f0c27f4fd9d68ae5a5dc73a  expat-2.4.3-i486-8_slack14.0.txz

Slackware x86_64 14.0 package:
c9c50bb9d09921396dc8cba832ca6c54  expat-2.4.3-x86_64-8_slack14.0.txz

Slackware 14.1 package:
a3abb5b8416e865627d865c072c4a8c6  expat-2.4.3-i486-8_slack14.1.txz

Slackware x86_64 14.1 package:
3bceb11fb5b69049cb3a121fd879e749  expat-2.4.3-x86_64-8_slack14.1.txz

Slackware 14.2 package:
6c13bb9d0198679b67f19d702179f331  expat-2.4.3-i586-8_slack14.2.txz

Slackware x86_64 14.2 package:
71ba3c391725745344ccb950a207a2e3  expat-2.4.3-x86_64-8_slack14.2.txz

Slackware 15.0 package:
13d8322d1d270c480ca10a01f47585b1  expat-2.5.0-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
126b299851d0be6f583045a04a8ecf41  expat-2.5.0-x86_64-1_slack15.0.txz

Slackware -current package:
cb21f24eb0e34d1b4d9882976a577fae  l/expat-2.5.0-i586-1.txz

Slackware x86_64 -current package:
bb90f8668aef64c82c24d3f57b15f6e4  l/expat-2.5.0-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg expat-2.5.0-i586-1_slack15.0.txz


+-----+

Slackware: 2022-298-01: expat Security Update

October 25, 2022
New expat packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.5.0-i586-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.4.3-i486-8_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.4.3-x86_64-8_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.4.3-i486-8_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.4.3-x86_64-8_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.4.3-i586-8_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.4.3-x86_64-8_slack14.2.txz
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.5.0-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.5.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.5.0-x86_64-1.txz

MD5 Signatures

Slackware 14.0 package: 0fd2ba3c6f0c27f4fd9d68ae5a5dc73a expat-2.4.3-i486-8_slack14.0.txz
Slackware x86_64 14.0 package: c9c50bb9d09921396dc8cba832ca6c54 expat-2.4.3-x86_64-8_slack14.0.txz
Slackware 14.1 package: a3abb5b8416e865627d865c072c4a8c6 expat-2.4.3-i486-8_slack14.1.txz
Slackware x86_64 14.1 package: 3bceb11fb5b69049cb3a121fd879e749 expat-2.4.3-x86_64-8_slack14.1.txz
Slackware 14.2 package: 6c13bb9d0198679b67f19d702179f331 expat-2.4.3-i586-8_slack14.2.txz
Slackware x86_64 14.2 package: 71ba3c391725745344ccb950a207a2e3 expat-2.4.3-x86_64-8_slack14.2.txz
Slackware 15.0 package: 13d8322d1d270c480ca10a01f47585b1 expat-2.5.0-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 126b299851d0be6f583045a04a8ecf41 expat-2.5.0-x86_64-1_slack15.0.txz
Slackware -current package: cb21f24eb0e34d1b4d9882976a577fae l/expat-2.5.0-i586-1.txz
Slackware x86_64 -current package: bb90f8668aef64c82c24d3f57b15f6e4 l/expat-2.5.0-x86_64-1.txz

Severity
[slackware-security] expat (SSA:2022-298-01)
New expat packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg expat-2.5.0-i586-1_slack15.0.txz

Related News

Data Scientists Dial Back Use of Open Source Code Due to Security Worries

241 npm and PyPI Packages Caught Dropping Linux Cryptominers

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy