Security update for expat SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:14878-1 Final 1 1 2022-01-25T12:57:53Z current 2022-01-25T12:57:53Z 2022-01-25T12:57:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for expat This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-expat-14878,slessp4-expat-14878 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ Link for SUSE-SU-2022:14878-1 https://lists.suse.com/pipermail/sle-security-updates/2022-January/010066.html E-Mail link for SUSE-SU-2022:14878-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1194251 SUSE Bug 1194251 https://bugzilla.suse.com/1194362 SUSE Bug 1194362 https://bugzilla.suse.com/1194474 SUSE Bug 1194474 https://bugzilla.suse.com/1194476 SUSE Bug 1194476 https://bugzilla.suse.com/1194477 SUSE Bug 1194477 https://bugzilla.suse.com/1194478 SUSE Bug 1194478 https://bugzilla.suse.com/1194479 SUSE Bug 1194479 https://bugzilla.suse.com/1194480 SUSE Bug 1194480 https://www.suse.com/security/cve/CVE-2021-45960/ SUSE CVE CVE-2021-45960 page https://www.suse.com/security/cve/CVE-2021-46143/ SUSE CVE CVE-2021-46143 page https://www.suse.com/security/cve/CVE-2022-22822/ SUSE CVE CVE-2022-22822 page https://www.suse.com/security/cve/CVE-2022-22823/ SUSE CVE CVE-2022-22823 page https://www.suse.com/security/cve/CVE-2022-22824/ SUSE CVE CVE-2022-22824 page https://www.suse.com/security/cve/CVE-2022-22825/ SUSE CVE CVE-2022-22825 page https://www.suse.com/security/cve/CVE-2022-22826/ SUSE CVE CVE-2022-22826 page https://www.suse.com/security/cve/CVE-2022-22827/ SUSE CVE CVE-2022-22827 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP4-LTSS expat-2.0.1-88.42.12.1 libexpat1-2.0.1-88.42.12.1 libexpat1-32bit-2.0.1-88.42.12.1 expat-2.0.1-88.42.12.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libexpat1-2.0.1-88.42.12.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 expat-2.0.1-88.42.12.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libexpat1-2.0.1-88.42.12.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libexpat1-32bit-2.0.1-88.42.12.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). CVE-2021-45960 SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-32bit-2.0.1-88.42.12.1 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ https://www.suse.com/security/cve/CVE-2021-45960.html CVE-2021-45960 https://bugzilla.suse.com/1194251 SUSE Bug 1194251 In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. CVE-2021-46143 SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-32bit-2.0.1-88.42.12.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ https://www.suse.com/security/cve/CVE-2021-46143.html CVE-2021-46143 https://bugzilla.suse.com/1194362 SUSE Bug 1194362 https://bugzilla.suse.com/1195327 SUSE Bug 1195327 https://bugzilla.suse.com/1196387 SUSE Bug 1196387 https://bugzilla.suse.com/1200038 SUSE Bug 1200038 https://bugzilla.suse.com/1200198 SUSE Bug 1200198 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22822 SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-32bit-2.0.1-88.42.12.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ https://www.suse.com/security/cve/CVE-2022-22822.html CVE-2022-22822 https://bugzilla.suse.com/1194474 SUSE Bug 1194474 https://bugzilla.suse.com/1195327 SUSE Bug 1195327 https://bugzilla.suse.com/1200038 SUSE Bug 1200038 https://bugzilla.suse.com/1200198 SUSE Bug 1200198 build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22823 SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-32bit-2.0.1-88.42.12.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ https://www.suse.com/security/cve/CVE-2022-22823.html CVE-2022-22823 https://bugzilla.suse.com/1194476 SUSE Bug 1194476 https://bugzilla.suse.com/1195327 SUSE Bug 1195327 https://bugzilla.suse.com/1200038 SUSE Bug 1200038 https://bugzilla.suse.com/1200198 SUSE Bug 1200198 defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22824 SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-32bit-2.0.1-88.42.12.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ https://www.suse.com/security/cve/CVE-2022-22824.html CVE-2022-22824 https://bugzilla.suse.com/1194477 SUSE Bug 1194477 https://bugzilla.suse.com/1195327 SUSE Bug 1195327 https://bugzilla.suse.com/1200038 SUSE Bug 1200038 https://bugzilla.suse.com/1200198 SUSE Bug 1200198 lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22825 SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-32bit-2.0.1-88.42.12.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ https://www.suse.com/security/cve/CVE-2022-22825.html CVE-2022-22825 https://bugzilla.suse.com/1194478 SUSE Bug 1194478 https://bugzilla.suse.com/1195327 SUSE Bug 1195327 https://bugzilla.suse.com/1200038 SUSE Bug 1200038 https://bugzilla.suse.com/1200198 SUSE Bug 1200198 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22826 SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-32bit-2.0.1-88.42.12.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ https://www.suse.com/security/cve/CVE-2022-22826.html CVE-2022-22826 https://bugzilla.suse.com/1194479 SUSE Bug 1194479 https://bugzilla.suse.com/1195327 SUSE Bug 1195327 https://bugzilla.suse.com/1200038 SUSE Bug 1200038 https://bugzilla.suse.com/1200198 SUSE Bug 1200198 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22827 SUSE Linux Enterprise Point of Sale 11 SP3:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:expat-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-2.0.1-88.42.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libexpat1-32bit-2.0.1-88.42.12.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214878-1/ https://www.suse.com/security/cve/CVE-2022-22827.html CVE-2022-22827 https://bugzilla.suse.com/1194480 SUSE Bug 1194480 https://bugzilla.suse.com/1195327 SUSE Bug 1195327 https://bugzilla.suse.com/1200038 SUSE Bug 1200038 https://bugzilla.suse.com/1200198 SUSE Bug 1200198