oval:org.secpod.oval:def:2500847 Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW.
oval:org.secpod.oval:def:78540 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ...
oval:org.secpod.oval:def:1505492 [91.7.0-3.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.7.0-3] - Update to 91.7.0 build3 [91.7.0-2] - Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315 [91.7.0-1] - Update to 91.7.0 build2 [91.6.0-2] - ...
oval:org.secpod.oval:def:78343 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ...
oval:org.secpod.oval:def:1505491 [91.7.0-3.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.7.0-3] - Update to 91.7.0 build3 [91.7.0-2] - Added expat backports of ...
oval:org.secpod.oval:def:506730 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malfor ...
oval:org.secpod.oval:def:506850 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ...
oval:org.secpod.oval:def:506735 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ...
oval:org.secpod.oval:def:1700895 A flaw was found in Thunderbird. The vulnerability occurs due to an out-of-bounds write of one byte when processing the message. This flaw allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write. A flaw was found in expat. Passing malformed 2- and 3-byt ...
oval:org.secpod.oval:def:78417 expat: XML parsing C library Several security issues were fixed in Expat.
oval:org.secpod.oval:def:78538 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malfor ...
oval:org.secpod.oval:def:1505532 [91.7.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.7.0-2] - Update to 91.7.0 build2 [91.7.0-1] - Update to 91.7.0 build1
oval:org.secpod.oval:def:78539 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ...
oval:org.secpod.oval:def:89046114 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236.
oval:org.secpod.oval:def:1505530 [91.7.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.7.0-2] - Update to 91.7.0 build2 [91.7.0-1] - Update to 91.7.0 build1
oval:org.secpod.oval:def:4500908 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRa ...
oval:org.secpod.oval:def:2500713 Expat is a C library for parsing XML documents.
oval:org.secpod.oval:def:1601522 A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor. A flaw was found in expat. Passing one or more namespa ...
oval:org.secpod.oval:def:97671 [CLSA-2022:1660762248] Fixed 13 CVEs in expat
oval:org.secpod.oval:def:506789 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ...
oval:org.secpod.oval:def:506788 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malfor ...
oval:org.secpod.oval:def:121753 Mozilla Thunderbird is a standalone mail and newsgroup client.
oval:org.secpod.oval:def:124948 Mozilla Thunderbird is a standalone mail and newsgroup client.
oval:org.secpod.oval:def:121714 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...
oval:org.secpod.oval:def:124946 Mozilla Thunderbird is a standalone mail and newsgroup client.
oval:org.secpod.oval:def:2107539 Oracle Solaris 11 - (CVE-2022-23852)
oval:org.secpod.oval:def:121713 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...
oval:org.secpod.oval:def:89046189 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236.
oval:org.secpod.oval:def:89047751 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs. - Fixed a regression caused by the patch for CVE-2022-25236. - CVE-2022-25235: Fixed UTF-8 character validation in a certain context. - CVE-2022-25313: ...
oval:org.secpod.oval:def:1505501 [2.2.5-4.3] - Improve fix for CVE-2022-25236 - Related: CVE-2022-25236 [2.2.5-4.2] - Fix multiple CVEs - Resolves: CVE-2022-25236 - Resolves: CVE-2022-25235 - Resolves: CVE-2022-25315 [2.2.5-4.1] - Fix multiple CVEs - CVE-2022-23852 expat: integer overflow in function XML_GetBuffer - CVE-2021-45960 ...
oval:org.secpod.oval:def:89047393 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs. - CVE-2022-25235: Fixed UTF-8 character validation in a certain context. - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ...
oval:org.secpod.oval:def:1700869 A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor. A flaw was found in expat. Passing one or more namespa ...
oval:org.secpod.oval:def:19500049 In Expat before 2.4.3, a left shift by 29 places in the storeAtts function in xmlparse.c can lead to realloc misbehavior. In doProlog in xmlparse.c in Expat before 2.4.3, an integer overflow exists for m_groupSize. addBinding in xmlparse.c in Expat before 2.4.3 has an integer overflow. build_mo ...
oval:org.secpod.oval:def:4501145 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malfor ...
oval:org.secpod.oval:def:79849 The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters for a namespace separator. Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters. For the oldstable distribution, this problem ...
oval:org.secpod.oval:def:121768 Mozilla Thunderbird is a standalone mail and newsgroup client.
oval:org.secpod.oval:def:606070 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
oval:org.secpod.oval:def:2500599 Mozilla Thunderbird is a standalone mail and newsgroup client.
oval:org.secpod.oval:def:86653 The host is missing a patch containing security fixes, which affects the following package(s): Python
oval:org.secpod.oval:def:3302450 Security update for python39
oval:org.secpod.oval:def:1505518 [2.1.0-14.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302] [2.1.0-14] - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte ...
oval:org.secpod.oval:def:3301089 SUSE Security Update: Security update for expat
oval:org.secpod.oval:def:89046081 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs. - CVE-2022-25235: Fixed UTF-8 character validation in a certain context. - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ...
oval:org.secpod.oval:def:78390 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
oval:org.secpod.oval:def:506760 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ...
oval:org.secpod.oval:def:2500582 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
oval:org.secpod.oval:def:4500914 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ...
oval:org.secpod.oval:def:89046129 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236.
oval:org.secpod.oval:def:1505680 [2.0.1-13.0.1] - Prevent integer overflow in storeRawNames [CVE-2022-25315][Orabug: 34059442] - Add missing validation of encoding [CVE-2022-25235][Orabug: 34059442] - Protect against malicious namespace declarations [CVE-2022-25236][Orabug: 34059442]
oval:org.secpod.oval:def:89046009 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs. - CVE-2022-25235: Fixed UTF-8 character validation in a certain context. - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ...
oval:org.secpod.oval:def:506805 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ...
oval:org.secpod.oval:def:89047613 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236.
oval:org.secpod.oval:def:89046049 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs. - CVE-2022-25235: Fixed UTF-8 character validation in a certain context. - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ...
oval:org.secpod.oval:def:606182 The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters for a namespace separator. Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters. For the oldstable distribution, this problem ...
oval:org.secpod.oval:def:706318 expat: XML parsing C library Several security issues were fixed in Expat.
oval:org.secpod.oval:def:89051608 This update for python311 fixes the following issues: * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory. * CVE-2023-27043: Fixed incorrect e-mail parsing. * CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4.
oval:org.secpod.oval:def:89051611 This update for python39 fixes the following issues: * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory. * CVE-2023-27043: Fixed incorrect e-mail parsing. * CVE-2023-40217: Fixed a ssl.SSLSocket TLS bypass vulnerability where data is sent unencrypted. * CVE-2022-25236: F ...