it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
List archive
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5266-1] expat security update
- Date: Sun, 30 Oct 2022 14:03:23 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1op8uJ-0021jw-7z AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 30 Oct 2022 14:03:50 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <rnfZ0QHI2EP.A.dEF.FRoXjB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5266-1                security AT debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 30, 2022                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : expat
CVE ID         : CVE-2022-43680
Debian Bug     : 1022743

A heap use-after-free vulnerability after overeager destruction of a
shared DTD in the XML_ExternalEntityParserCreate function in Expat, an
XML parsing C library, may result in denial of service or potentially
the execution of arbitrary code.

For the stable distribution (bullseye), this problem has been fixed in
version 2.2.10-2+deb11u5.

We recommend that you upgrade your expat packages.

For the detailed security status of expat please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/expat

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Archive provided by MHonArc 2.6.24.