Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
99
security advisorydenial of servicecriticalSlackware 14.x Critical Update: Expat Denial of Service Fix
New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] expat (SSA:2022-016-01) New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/expat-2.4.3-i586-1_slack14.2.txz: Upgraded. Fix issues with left shifts by > =29 places resulting in: a) realloc acting as free b) realloc allocating too few bytes c) undefined behavior Fix integer overflow on variable m_groupSize in function doProlog leading to realloc acting as free. Impact is denial of service or other undefined behavior. Prevent integer overflows near memory allocation at multiple places. For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-45960 https://www.cve.org/CVERecord?id=CVE-2021-46143 https://www.cve.org/CVERecord?id=CVE-2022-22822 https://www.cve.org/CVERecord?id=CVE-2022-22823 https://www.cve.org/CVERecord?id=CVE-2022-22824 https://www.cve.org/CVERecord?id=CVE-2022-22825 https://www.cve.org/CVERecord?id=CVE-2022-22826 https://www.cve.org/CVERecord?id=CVE-2022-22827 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.0package: 221489b3cc531df86e938f4b5f86f333 expat-2.4.3-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 567acea852c48adddc4ddb54d7d31b8c expat-2.4.3-x86_64-1_slack14.0.txz Slackware 14.1 package: 955d3d04dbe44c58328003e29ab83cef expat-2.4.3-i486-1_slack14.1.txz Slackware x86_64 14.1 package: cdedf19fe237eb09786d54c8295658fc expat-2.4.3-x86_64-1_slack14.1.txz Slackware 14.2 package: dc1121c0f3c2e331ee162586103bc61d expat-2.4.3-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 0476a33c23c7398cce3f48c508538d56 expat-2.4.3-x86_64-1_slack14.2.txz Slackware -current package: 170535aa026a821b7434a3a4a6987b41 l/expat-2.4.3-i586-1.txz Slackware x86_64 -current package: 6b978051bba045d94e53890bc5289f49 l/expat-2.4.3-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg expat-2.4.3-i586-1_slack14.2.txz +-----+ . The latest updates for the Fedora packages have been rolled out to mitigate significant vulnerabilities including potential data corruption and various unspecified anomalies.. Expat Package Update, Slackware Security Fix, Security Advisory. . Severity: Critical. LinuxSecurity.com Team
Jan 16, 2022
•Critical
Slackware
198
security advisoryarbitrary code executioncritical severityArch Linux: 201606-19 Major Vulnerability in Expat Code Execution Risk
The package expat before version 2.1.1-2 is vulnerable to arbitrary code execution. . Arch Linux Security Advisory ASA-201605-22 ========================================= Severity: Critical Date : 2016-05-18 CVE-ID : CVE-2015-1283 CVE-2016-0718 Package : expat Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package expat before version 2.1.1-2 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 2.1.1-2. # pacman -Syu "expat> =2.1.1-2" The problems have been fixed upstream but no release is available yet. Workaround ========= None. Description ========== - CVE-2015-1283 (arbitrary code execution) Multiple integer overflows in the XML_GetBuffer function allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this update refreshes the fix to avoid relying on undefined behavior. - CVE-2016-0718 (arbitrary code execution) The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Impact ===== A remote attacker is able to use a specially crafted XML file that, when processed, is leading to arbitrary code execution. References ========= https://access.redhat.com/security/cve/CVE-2015-1283 https://access.redhat.com/security/cve/CVE-2016-0718 https://seclists.org/oss-sec/2016/q2/360 . Critical flaw detected in the expat package on Arch Linux; potential for arbitrary code execution. Immediate updates are crucial.. Arbitrary Code, Arch Security Advisory, Expat Package, CriticalIssues. . Severity: Critical. LinuxSecurity.com Team
May 18, 2016
•Critical
ArchLinux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!