Download
| Alert*
oval:org.secpod.oval:def:706344
expat: XML parsing C library Details: USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain fil ... oval:org.secpod.oval:def:1601519 An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution oval:org.secpod.oval:def:79877 expat: XML parsing C library Details: USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain fil ... oval:org.secpod.oval:def:1700868 An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution oval:org.secpod.oval:def:2500847 Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. oval:org.secpod.oval:def:78540 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:1505492 [91.7.0-3.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.7.0-3] - Update to 91.7.0 build3 [91.7.0-2] - Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315 [91.7.0-1] - Update to 91.7.0 build2 [91.6.0-2] - ... oval:org.secpod.oval:def:78343 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:1505491 [91.7.0-3.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.7.0-3] - Update to 91.7.0 build3 [91.7.0-2] - Added expat backports of ... oval:org.secpod.oval:def:506730 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malfor ... oval:org.secpod.oval:def:506850 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:506735 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:1700895 A flaw was found in Thunderbird. The vulnerability occurs due to an out-of-bounds write of one byte when processing the message. This flaw allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write. A flaw was found in expat. Passing malformed 2- and 3-byt ... oval:org.secpod.oval:def:78538 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malfor ... oval:org.secpod.oval:def:1505532 [91.7.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.7.0-2] - Update to 91.7.0 build2 [91.7.0-1] - Update to 91.7.0 build1 oval:org.secpod.oval:def:78539 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ... oval:org.secpod.oval:def:1505530 [91.7.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.7.0-2] - Update to 91.7.0 build2 [91.7.0-1] - Update to 91.7.0 build1 oval:org.secpod.oval:def:4500908 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRa ... oval:org.secpod.oval:def:2500713 Expat is a C library for parsing XML documents. oval:org.secpod.oval:def:506789 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ... oval:org.secpod.oval:def:97671 [CLSA-2022:1660762248] Fixed 13 CVEs in expat oval:org.secpod.oval:def:506788 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malfor ... oval:org.secpod.oval:def:121753 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:124948 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:121714 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:124946 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:2107539 Oracle Solaris 11 - ( CVE-2022-23852 ) oval:org.secpod.oval:def:121713 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:89047751 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - Fixed a regression caused by the patch for CVE-2022-25236 . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: ... oval:org.secpod.oval:def:1505501 [2.2.5-4.3] - Improve fix for CVE-2022-25236 - Related: CVE-2022-25236 [2.2.5-4.2] - Fix multiple CVEs - Resolves: CVE-2022-25236 - Resolves: CVE-2022-25235 - Resolves: CVE-2022-25315 [2.2.5-4.1] - Fix multiple CVEs - CVE-2022-23852 expat: integer overflow in function XML_GetBuffer - CVE-2021-45960 ... oval:org.secpod.oval:def:89047393 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... oval:org.secpod.oval:def:19500049 In Expat before 2.4.3, a left shift by 29 places in the storeAtts function in xmlparse.c can lead to realloc misbehavior . In doProlog in xmlparse.c in Expat before 2.4.3, an integer overflow exists for m_groupSize. addBinding in xmlparse.c in Expat before 2.4.3 has an integer overflow. build_mo ... oval:org.secpod.oval:def:4501145 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malfor ... oval:org.secpod.oval:def:121768 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:606070 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. oval:org.secpod.oval:def:2500599 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:86653 The host is missing a patch containing a security fixes, which affects the following package(s): Python oval:org.secpod.oval:def:1505518 [2.1.0-14.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302] [2.1.0-14] - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte ... oval:org.secpod.oval:def:3301089 SUSE Security Update: Security update for expat oval:org.secpod.oval:def:89046081 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... oval:org.secpod.oval:def:78390 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. oval:org.secpod.oval:def:506760 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ... oval:org.secpod.oval:def:2500582 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. oval:org.secpod.oval:def:4500914 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ... oval:org.secpod.oval:def:1505680 [2.0.1-13.0.1] - Prevent integer overflow in storeRawNames [CVE-2022-25315][Orabug: 34059442] - Add missing validation of encoding [CVE-2022-25235][Orabug: 34059442] - Protect against malicious namespace declarations [CVE-2022-25236][Orabug: 34059442] oval:org.secpod.oval:def:89046009 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... oval:org.secpod.oval:def:506805 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:89046049 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... |