Download
| Alert*
oval:org.secpod.oval:def:1800647
expat is installed oval:org.secpod.oval:def:121765 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:121885 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:203177 expat is installed oval:org.secpod.oval:def:57436 It was discovered that Expat, an XML parsing C library, did not properly handled XML input including XML names that contain a large number of colons, potentially resulting in denial of service. oval:org.secpod.oval:def:601505 expat is installed oval:org.secpod.oval:def:89003158 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons . oval:org.secpod.oval:def:121453 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:1601128 Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283 oval:org.secpod.oval:def:205529 Expat is a C library for parsing XML documents. Security Fix: * expat: Integer overflow leading to buffer overflow in XML_GetBuffer For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the Refe ... oval:org.secpod.oval:def:503598 Expat is a C library for parsing XML documents. Security Fix: * expat: Integer overflow leading to buffer overflow in XML_GetBuffer For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the Refe ... oval:org.secpod.oval:def:2500924 Expat is a C library for parsing XML documents. oval:org.secpod.oval:def:1700851 expat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and inte ... oval:org.secpod.oval:def:89047489 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer . - CVE-2022-23990: Fixed integer overflow in the doProlog function . oval:org.secpod.oval:def:3300832 SUSE Security Update: Security update for expat oval:org.secpod.oval:def:1701810 Expat before 2.4.4 has an integer overflow in the doProlog function. A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service oval:org.secpod.oval:def:1601519 An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution oval:org.secpod.oval:def:88406 Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. oval:org.secpod.oval:def:507485 Expat is a C library for parsing XML documents. Security Fix: * expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refe ... oval:org.secpod.oval:def:124281 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:2600043 Expat is a C library for parsing XML documents. oval:org.secpod.oval:def:5800030 Expat is a C library for parsing XML documents. Security Fix: * expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refe ... oval:org.secpod.oval:def:89046041 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer . - CVE-2022-23990: Fixed integer overflow in the doProlog function . oval:org.secpod.oval:def:605886 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. oval:org.secpod.oval:def:4501201 Expat is a C library for parsing XML documents. Security Fix: * expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refe ... oval:org.secpod.oval:def:5800061 Expat is a C library for parsing XML documents. Security Fix: * expat: a use-after-free in the doContent function in xmlparse.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the Referenc ... oval:org.secpod.oval:def:610167 Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. oval:org.secpod.oval:def:1701065 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations oval:org.secpod.oval:def:89047444 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior . - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog . - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse ... oval:org.secpod.oval:def:1506349 [2.2.5-10.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-10.1] - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate - Resolves: CVE-2022-43680 oval:org.secpod.oval:def:3300758 SUSE Security Update: Security update for expat oval:org.secpod.oval:def:2600068 Expat is a C library for parsing XML documents. oval:org.secpod.oval:def:124305 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:1700887 In Expat before 2.4.3, a left shift by 29 places in the storeAtts function in xmlparse.c can lead to realloc misbehavior oval:org.secpod.oval:def:89047036 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c . oval:org.secpod.oval:def:88601 expat: XML parsing C library Details: USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Linux Mint 19.x LTS, Linux Mint 20.x LTS and Linux Mint 21.x LTS. Original advisory Expat could be made to crash or execute arbitrary code. oval:org.secpod.oval:def:88602 expat: XML parsing C library Details: USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Linux Mint 18.x ESM, Linux Mint 19.x LTS, Linux Mint 20.x LTS, Linux Mint 21.x LTS and Ubuntu 22.10. This update also fixes a minor regression introduced in Linux Mint ... oval:org.secpod.oval:def:89047739 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c . oval:org.secpod.oval:def:1506368 [2.4.9-1.1] - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate - Resolves: CVE-2022-43680 oval:org.secpod.oval:def:2500799 Expat is a C library for parsing XML documents. oval:org.secpod.oval:def:707819 expat: XML parsing C library Details: USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. This update also fixes a minor regression introduced in Ubuntu 18.04 LTS. We a ... oval:org.secpod.oval:def:2600126 Expat is a C library for parsing XML documents. oval:org.secpod.oval:def:1700868 An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution oval:org.secpod.oval:def:89046084 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer . - CVE-2022-23990: Fixed integer overflow in the doProlog function . oval:org.secpod.oval:def:112585 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:112591 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:53080 Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to ... oval:org.secpod.oval:def:89044854 This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour - CVE-2017-9233: External Entity Vulnerability could lead to denial of service oval:org.secpod.oval:def:89044842 This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour - CVE-2017-9233: External Entity Vulnerability could lead to denial of service oval:org.secpod.oval:def:602951 Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to ... oval:org.secpod.oval:def:112829 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:97679 [CLSA-2022:1664193203] Fixed CVE-2022-40674 in expat oval:org.secpod.oval:def:97686 [CLSA-2022:1667493762] expat: Fix of CVE-2022-43680 oval:org.secpod.oval:def:602176 Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed. oval:org.secpod.oval:def:110714 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:204045 Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ... oval:org.secpod.oval:def:1601316 A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this iss ... oval:org.secpod.oval:def:501941 Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ... oval:org.secpod.oval:def:110858 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:1800646 CVE-2012-6702: Using XML_Parse before rand results into non-random output. Reference: CVE-2016-5300: Little entropy used for hash initialization. The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service vi ... oval:org.secpod.oval:def:602506 Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library ... oval:org.secpod.oval:def:204140 Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ... oval:org.secpod.oval:def:89045355 This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows oval:org.secpod.oval:def:1501684 Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ... oval:org.secpod.oval:def:1501685 Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ... oval:org.secpod.oval:def:1600483 CVE-2016-0718 : Out-of-bounds read flaw An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary ... oval:org.secpod.oval:def:202354 Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML fil ... oval:org.secpod.oval:def:89044853 This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand f ... oval:org.secpod.oval:def:202358 Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML fil ... oval:org.secpod.oval:def:1503639 Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ... oval:org.secpod.oval:def:600862 It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling. oval:org.secpod.oval:def:89044956 This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand f ... oval:org.secpod.oval:def:602529 Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls. ... oval:org.secpod.oval:def:400755 This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows oval:org.secpod.oval:def:34942 The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds heap read vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:110629 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:500810 Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML fil ... oval:org.secpod.oval:def:127186 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:202135 Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. All expat use ... oval:org.secpod.oval:def:202110 Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. All expat use ... oval:org.secpod.oval:def:500499 Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. All expat use ... oval:org.secpod.oval:def:67967 Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:69908 It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. oval:org.secpod.oval:def:58850 It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. oval:org.secpod.oval:def:205667 Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:604538 It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. oval:org.secpod.oval:def:117137 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:89050813 This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input oval:org.secpod.oval:def:2500066 Expat is a C library for parsing XML documents. oval:org.secpod.oval:def:504710 Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:89003208 This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents oval:org.secpod.oval:def:97671 [CLSA-2022:1660762248] Fixed 13 CVEs in expat oval:org.secpod.oval:def:89047751 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - Fixed a regression caused by the patch for CVE-2022-25236 . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: ... oval:org.secpod.oval:def:19500049 In Expat before 2.4.3, a left shift by 29 places in the storeAtts function in xmlparse.c can lead to realloc misbehavior . In doProlog in xmlparse.c in Expat before 2.4.3, an integer overflow exists for m_groupSize. addBinding in xmlparse.c in Expat before 2.4.3 has an integer overflow. build_mo ... oval:org.secpod.oval:def:79849 The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters for a namespace separator . Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters. For the oldstable distribution , this problem ... oval:org.secpod.oval:def:3301089 SUSE Security Update: Security update for expat oval:org.secpod.oval:def:89046049 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... oval:org.secpod.oval:def:506850 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:506735 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:4500908 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRa ... oval:org.secpod.oval:def:89047393 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... oval:org.secpod.oval:def:606070 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. oval:org.secpod.oval:def:89046081 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... oval:org.secpod.oval:def:1505680 [2.0.1-13.0.1] - Prevent integer overflow in storeRawNames [CVE-2022-25315][Orabug: 34059442] - Add missing validation of encoding [CVE-2022-25235][Orabug: 34059442] - Protect against malicious namespace declarations [CVE-2022-25236][Orabug: 34059442] oval:org.secpod.oval:def:89046009 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... oval:org.secpod.oval:def:506805 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:89047613 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 . oval:org.secpod.oval:def:606182 The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters for a namespace separator . Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters. For the oldstable distribution , this problem ... oval:org.secpod.oval:def:89051733 This update for expat fixes the following issues: * CVE-2023-52425: Fixed a DoS caused by processing large tokens. * CVE-2024-28757: Fixed an XML Entity Expansion oval:org.secpod.oval:def:98756 expat: XML parsing C library Expat could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:1507414 [2.5.0-1.1] - CVE-2023-52425: Fix parsing of large tokens - CVE-2024-28757: Reject direct parameter entity recursion - Resolves: RHEL-29698 - Resolves: RHEL-29695 oval:org.secpod.oval:def:509158 Expat is a C library for parsing XML documents. Security Fix: expat: parsing large tokens can trigger a denial of service expat: XML Entity Expansion |