SUSE-SU-2022:2294-1
- Source
- https://www.suse.com/support/update/announcement/2022/suse-su-20222294-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2294-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:2294-1
- Related
- Published
- 2022-07-06T11:34:18Z
- Modified
- 2022-07-06T11:34:18Z
- Summary
- Security update for expat
- Details
-
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20222294-1/
- https://bugzilla.suse.com/1196025
- https://bugzilla.suse.com/1196026
- https://bugzilla.suse.com/1196168
- https://bugzilla.suse.com/1196169
- https://bugzilla.suse.com/1196171
- https://bugzilla.suse.com/1196784
- https://www.suse.com/security/cve/CVE-2022-25235
- https://www.suse.com/security/cve/CVE-2022-25236
- https://www.suse.com/security/cve/CVE-2022-25313
- https://www.suse.com/security/cve/CVE-2022-25314
- https://www.suse.com/security/cve/CVE-2022-25315
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP4 / expat
Package
- Name
- expat
- Purl
- purl:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4