|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] expat (SSA:2022-016-01)
Date: Sun, 16 Jan 2022 13:48:11 -0800 (PST) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] expat (SSA:2022-016-01)
New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/expat-2.4.3-i586-1_slack14.2.txz: Upgraded.
Fix issues with left shifts by >=29 places resulting in:
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
Fix integer overflow on variable m_groupSize in function doProlog leading
to realloc acting as free. Impact is denial of service or other undefined
behavior.
Prevent integer overflows near memory allocation at multiple places.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.4.3-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.4.3-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.4.3-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.4.3-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.4.3-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.4.3-x86_64-1_slack14.2.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.4.3-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.4.3-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
221489b3cc531df86e938f4b5f86f333 expat-2.4.3-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
567acea852c48adddc4ddb54d7d31b8c expat-2.4.3-x86_64-1_slack14.0.txz
Slackware 14.1 package:
955d3d04dbe44c58328003e29ab83cef expat-2.4.3-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
cdedf19fe237eb09786d54c8295658fc expat-2.4.3-x86_64-1_slack14.1.txz
Slackware 14.2 package:
dc1121c0f3c2e331ee162586103bc61d expat-2.4.3-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
0476a33c23c7398cce3f48c508538d56 expat-2.4.3-x86_64-1_slack14.2.txz
Slackware -current package:
170535aa026a821b7434a3a4a6987b41 l/expat-2.4.3-i586-1.txz
Slackware x86_64 -current package:
6b978051bba045d94e53890bc5289f49 l/expat-2.4.3-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg expat-2.4.3-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAmHkjZkACgkQakRjwEAQIjP5DgCdEyMgZ1Xt0QDAbvci+BMLhhH8
LqcAoI9NLG98BcJPy/M12q1UNOCohmid
=7DsO
-----END PGP SIGNATURE-----
|
| |