Vulnerabilities in the Expat library that lead to code execution when processing XML data

The Expat 2.4.5 library, used to parse the XML format in many projects, including Apache httpd, OpenOffice, LibreOffice, Firefox, Chromium, Python and Wayland, fixes five dangerous vulnerabilities, four of which potentially allow code execution when specially crafted XML data is processed by an application that uses libexpat. Working exploits have been reported for two of the vulnerabilities. The release of package updates in distributions can be tracked on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux.

Identified vulnerabilities:

  • CVE-2022-25235 - A flaw caused by incorrect validation of the encoding of Unicode characters, which can lead (an exploit exists) to code execution when processing specially formatted sequences of 2- and 3-byte UTF-8 characters in XML tag names.
  • CVE-2022-25236 - The ability to insert namespace separator characters into the values of "xmlns[:prefix]" attributes in a URI. The vulnerability makes it possible to achieve code execution when processing attacker-supplied data (an exploit is available).
  • CVE-2022-25313 - Stack exhaustion that occurs when parsing a "doctype" (DTD) block, as seen in files larger than 2 MB that contain a very large number of open brackets. It is possible that the vulnerability could be used to achieve execution of attacker code on the system.
  • CVE-2022-25315 is an integer overflow in the storeRawNames function that occurs only on 64-bit systems and requires processing gigabytes of data. It is possible that the vulnerability could be used to achieve execution of attacker code on the system.
  • CVE-2022-25314 is an integer overflow in the copyString function that occurs only on 64-bit systems and requires processing gigabytes of data. The issue can lead to denial of service.
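Since Python is among the affected consumers, the check below reports which Expat version the running interpreter is linked against and compares it, along with other collected version strings, to 2.4.5. It is an added example, not code from the original article or the Expat project; the inventory entries are constructed, and versions below 2.4.5 are labelled "review" rather than vulnerable because a distribution package may carry backported fixes under an older version number.

```python
import re
import pyexpat

# Release that the article says fixes the five vulnerabilities.
FIXED = (2, 4, 5)


def parse_expat_version(text):
    """Extract (major, minor, micro) from 'expat_2.4.4', '2.4.5-1', etc."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no Expat version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """'fixed' for upstream >= 2.4.5, otherwise 'review'.

    'review' means: confirm against the vendor advisory, since the
    package may contain backported patches (assumption stated above).
    """
    return "fixed" if parse_expat_version(text) >= FIXED else "review"


def audit(inventory):
    """Classify every {component: version string} entry."""
    return {name: classify(version) for name, version in inventory.items()}


def running_interpreter():
    """Classify the Expat build used by this Python process."""
    return classify(pyexpat.EXPAT_VERSION)


# Constructed inventory: names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "build-host python": "expat_2.4.4",
    "web-frontend libexpat package": "2.2.10-2",
    "ci-image libexpat": "expat_2.4.5",
    "desktop libexpat": "2.4.10",
}

if __name__ == "__main__":
    print(f"this interpreter: {pyexpat.EXPAT_VERSION} -> {running_interpreter()}")
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```
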

    Source: opennet.ru
