Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202209-24 ] Expat: Multiple Vulnerabilities
Date: Thu, 29 Sep 2022 14:40:04
Message-Id: 166446148368.9.8079127177464388937@90bb6a0775af
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202209-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Expat: Multiple Vulnerabilities
      Date: September 29, 2022
      Bugs: #791703, #830422, #831918, #833431, #870097
        ID: 202209-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Expat, the worst of
which could result in arbitrary code execution.

Background
==========

Expat is a set of XML parsing libraries.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/expat              < 2.4.9                   >= 2.4.9

Description
===========

Multiple vulnerabilities have been discovered in Expat. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Expat users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.4.9"

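As an added check that is not part of the GLSA or of Gentoo's own tooling, the script below decides whether an installed dev-libs/expat version falls in the vulnerable range given in the Affected packages table (< 2.4.9). It assumes Portage's installed-package database at its standard /var/db/pkg location; the vercmp, strip_rev, expat_affected and installed_expat_version helpers are this example's own. Gentoo ebuild revision suffixes (-r1 and so on) repackage the same upstream release, so they are stripped before the comparison.

```shell
#!/bin/sh
# Added example: check an installed dev-libs/expat version against the
# unaffected threshold from the GLSA table (>= 2.4.9). Not Gentoo tooling.

UNAFFECTED="2.4.9"

# Compare two dotted numeric versions; print lt, eq or gt.
# Missing components count as 0, so "2.4" compares as "2.4.0".
vercmp() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}
        bi=${b%%.*}
        if [ "$ai" = "$a" ]; then a=""; else a=${a#*.}; fi
        if [ "$bi" = "$b" ]; then b=""; else b=${b#*.}; fi
        ai=${ai:-0}
        bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then echo lt; return 0; fi
        if [ "$ai" -gt "$bi" ]; then echo gt; return 0; fi
    done
    echo eq
}

# Drop Gentoo's ebuild revision suffix (2.4.8-r1 -> 2.4.8); a revision
# bump repackages the same upstream release, so it has no bearing here.
strip_rev() {
    printf '%s\n' "${1%-r*}"
}

# Succeed (exit 0) when VERSION is in the vulnerable range, i.e. < 2.4.9.
expat_affected() {
    v=$(strip_rev "$1")
    [ "$(vercmp "$v" "$UNAFFECTED")" = lt ]
}

# Read the installed version from Portage's package database (assumed
# at the standard /var/db/pkg location); fails if expat isn't installed.
installed_expat_version() {
    for d in /var/db/pkg/dev-libs/expat-*; do
        [ -d "$d" ] || return 1
        printf '%s\n' "${d##*/expat-}"
        return 0
    done
    return 1
}

if v=$(installed_expat_version); then
    if expat_affected "$v"; then
        echo "dev-libs/expat-$v is affected by GLSA 202209-24; upgrade to >= $UNAFFECTED"
    else
        echo "dev-libs/expat-$v is not affected by GLSA 202209-24"
    fi
else
    echo "dev-libs/expat not found under /var/db/pkg (not a Gentoo system, or not installed)"
fi
```

Run it on the host after `emerge --sync` but before and after the upgrade to confirm the installed slot has actually moved to 2.4.9 or later; binaries statically linked against an older Expat, or bundled copies inside other packages, are not covered by this check and need their own review.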
References
==========

[ 1 ] CVE-2021-45960
      https://nvd.nist.gov/vuln/detail/CVE-2021-45960
[ 2 ] CVE-2021-46143
      https://nvd.nist.gov/vuln/detail/CVE-2021-46143
[ 3 ] CVE-2022-22822
      https://nvd.nist.gov/vuln/detail/CVE-2022-22822
[ 4 ] CVE-2022-22823
      https://nvd.nist.gov/vuln/detail/CVE-2022-22823
[ 5 ] CVE-2022-22824
      https://nvd.nist.gov/vuln/detail/CVE-2022-22824
[ 6 ] CVE-2022-22825
      https://nvd.nist.gov/vuln/detail/CVE-2022-22825
[ 7 ] CVE-2022-22826
      https://nvd.nist.gov/vuln/detail/CVE-2022-22826
[ 8 ] CVE-2022-22827
      https://nvd.nist.gov/vuln/detail/CVE-2022-22827
[ 9 ] CVE-2022-23852
      https://nvd.nist.gov/vuln/detail/CVE-2022-23852
[ 10 ] CVE-2022-23990
       https://nvd.nist.gov/vuln/detail/CVE-2022-23990
[ 11 ] CVE-2022-25235
       https://nvd.nist.gov/vuln/detail/CVE-2022-25235
[ 12 ] CVE-2022-25236
       https://nvd.nist.gov/vuln/detail/CVE-2022-25236
[ 13 ] CVE-2022-25313
       https://nvd.nist.gov/vuln/detail/CVE-2022-25313
[ 14 ] CVE-2022-25314
       https://nvd.nist.gov/vuln/detail/CVE-2022-25314
[ 15 ] CVE-2022-25315
       https://nvd.nist.gov/vuln/detail/CVE-2022-25315
[ 16 ] CVE-2022-40674
       https://nvd.nist.gov/vuln/detail/CVE-2022-40674

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-24

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5


Attachments

File name        MIME type
signature.asc    application/pgp-signature