Request 947286: Submit expat - openSUSE Build Service

This request supersedes: request 946920 (Show diff)

Overview

Request 947286 accepted

- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
""
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
* CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
* CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.

Created by dirkmueller over 2 years ago
In state accepted
Package maintainer: david.anes
Supersedes 946920

Submit expat

Comments for request 947286 0
Comments for request 946920 1

Login required, please login in order to comment

David Anes (david.anes) - over 2 years ago

target maintainer

Hi Dirk, do you mind to include in the changelog all bugs this version fixes? Here is the list: bsc#1194251 bsc#1194362 bsc#1194474 bsc#1194476 bsc#1194477 bsc#1194478 bsc#1194479 bsc#1194480

Thanks!

Login required, please login in order to comment

Request History

dirkmueller created request over 2 years ago

- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
""
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
* CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
* CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.

david.anes accepted request over 2 years ago

Awesome! Thanks!

openSUSE Build Service is sponsored by