Vulnerabilities in the Expat library that lead to code execution when processing XML data

Expat 2.4.5, a library used to parse XML in many projects, including Apache httpd, OpenOffice, LibreOffice, Firefox, Chromium, Python and Wayland, fixes five dangerous vulnerabilities. Four of them can potentially lead to execution of attacker-supplied code when an application using libexpat processes specially crafted XML data. Working exploits have been reported for two of the vulnerabilities. Package updates in distributions can be tracked on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux.

Identified vulnerabilities:

  • CVE-2022-25235 - A buffer overflow caused by incorrect validation of Unicode character encoding, which can lead (an exploit is available) to code execution when processing specially crafted sequences of 2- and 3-byte UTF-8 characters in XML tag names.
  • CVE-2022-25236 - The ability to insert namespace separator characters into the values of "xmlns[:prefix]" attributes in a URI. The vulnerability allows code execution when processing attacker-supplied data (an exploit is available).
  • CVE-2022-25313 - Stack exhaustion that occurs when parsing a "doctype" (DTD) block, as seen in files larger than 2 MB that contain a very large number of open parentheses. The vulnerability could possibly be used to execute an attacker's code on the system.
  • CVE-2022-25315 - An integer overflow in the RawNames function that occurs only on 64-bit systems and requires processing gigabytes of data. The vulnerability could possibly be used to execute an attacker's code on the system.
  • CVE-2022-25314 - An integer overflow in the copyString function that occurs only on 64-bit systems and requires processing gigabytes of data. The issue can lead to denial of service.
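Python is one of the projects named above, so its bundled or linked libexpat can be checked against the fixed release. The following is an added example, not code from the article or from the Expat project; the function names and the sample version strings are constructed for illustration.

```python
import re
from xml.parsers import expat

# First release with the fixes, as stated in the article.
FIXED_VERSION = (2, 4, 5)

# CVE ids and impact as listed in the article.
FIXED_CVES = {
    "CVE-2022-25235": "code execution (exploit available)",
    "CVE-2022-25236": "code execution (exploit available)",
    "CVE-2022-25313": "possible code execution",
    "CVE-2022-25315": "possible code execution, 64-bit only",
    "CVE-2022-25314": "denial of service, 64-bit only",
}


def parse_expat_version(text):
    """Return (major, minor, micro) from e.g. 'expat_2.4.4'."""
    match = re.search(r"expat[_ -](\d+)\.(\d+)\.(\d+)", text, re.IGNORECASE)
    if match is None:
        raise ValueError(f"no Expat version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def audit(version_text):
    """Compare a reported Expat version with the fixed release."""
    version = parse_expat_version(version_text)
    affected = version < FIXED_VERSION  # tuple compare, so 2.10.0 > 2.4.5
    return {
        "version": version,
        "affected": affected,
        "unfixed": dict(FIXED_CVES) if affected else {},
    }


def audit_running_interpreter():
    """Audit the libexpat this Python interpreter is using."""
    return audit(expat.EXPAT_VERSION)


if __name__ == "__main__":
    # Constructed sample strings, plus the live interpreter value.
    for sample in ("expat_2.4.4", "xmlwf using expat_2.4.5", expat.EXPAT_VERSION):
        result = audit(sample)
        status = "AFFECTED" if result["affected"] else "fixed upstream"
        print(f"{sample}: {status}")
        for cve, impact in result["unfixed"].items():
            print(f"  {cve}: {impact}")
```

Distributions may backport the fixes without changing the upstream version number, so a result below 2.4.5 on a distribution package should be confirmed against that distribution's update pages.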

    source: budenet.ru
