Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:0179-1 Important Expat Update Fixes Eight Issues

suse
Calendar Grey January 25, 2022
Dist Suse Esm H88
Comprehensive Red Hat security patch for libxml2 addresses 5 vulnerabilities, improving system reliability and safeguarding.
An update that fixes 8 vulnerabilities is now available

Summary

This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Patch Instructions:

Topics%20covered

Topics Covered

security advisory software update threat mitigation SUSE multiple threats expat importante

References

#1194251 #1194362 #1194474 #1194476 #1194477

#1194478 #1194479 #1194480

Cross- CVE-2021-45960 CVE-2021-46143 CVE-2022-22822

CVE-2022-22823 CVE-2022-22824 CVE-2022-22825

CVE-2022-22826 CVE-2022-22827

CVSS scores:

CVE-2021-45960 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-45960 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

CVE-2021-46143 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-46143 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22822 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22822 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-22823 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0179-1
Rating: important

Topics%20covered

Topics Covered

security advisory software update threat mitigation SUSE multiple threats expat importante

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here