Vulnerabilities in the Expat library leading to code execution when processing XML data

Expat 2.4.5 has been released. The library, which is used for XML parsing in many projects including Apache httpd, OpenOffice, LibreOffice, Firefox, Chromium, Python and Wayland, fixes five dangerous vulnerabilities, four of which potentially allow arbitrary code execution when specially crafted XML data is processed in applications that use libexpat. Working exploits exist for two of the vulnerabilities. Publication of package updates for the distributions can be tracked on the pages for Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo and Arch Linux.

Identified vulnerabilities:

  • CVE-2022-25235 - Buffer overflow due to a missing check of Unicode character encoding, which can lead (an exploit exists) to code execution when specially crafted sequences of 2- and 3-byte UTF-8 characters in XML tag names are processed.
  • CVE-2022-25236 - Possibility of inserting the namespace separator character of "xmlns[:prefix]" into a URI. The vulnerability allows code execution when attacker-supplied data is processed (an exploit exists).
  • CVE-2022-25313 - Stack exhaustion when parsing a "doctype" (DTD) block, manifesting on files larger than 2 MB that contain a large number of open brackets. Use of the vulnerability to achieve code execution on the system cannot be ruled out.
  • CVE-2022-25315 - Integer overflow in the storeRawNames function, which occurs only on 64-bit systems and requires processing gigabytes of data. Use of the vulnerability to achieve code execution on the system cannot be ruled out.
  • CVE-2022-25314 - Integer overflow in the copyString function, which occurs only on 64-bit systems and requires processing gigabytes of data. The issue is limited to denial of service.
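As an added example (not code from opennet.ru or the Expat project), the following Python snippet shows two defensive checks an application built on libexpat can apply: verifying that the linked Expat is at least 2.4.5, and refusing untrusted input that is oversized or carries a DOCTYPE block before Expat parses it. The function and exception names are assumptions chosen for this illustration; the 2 MB cap mirrors the file size at which the DTD stack exhaustion described above manifests.

```python
import xml.parsers.expat
import pyexpat

# First Expat release that fixes the five CVEs listed above.
FIXED_EXPAT = (2, 4, 5)

# Cap chosen to match the 2 MB threshold of the DTD stack-exhaustion issue.
MAX_XML_BYTES = 2 * 1024 * 1024


class UntrustedXmlRejected(Exception):
    """Raised when input is refused before it reaches libexpat."""


def expat_is_patched(version=None):
    """Return True if the linked (or given) Expat version is >= 2.4.5."""
    v = pyexpat.version_info if version is None else version
    return tuple(v) >= FIXED_EXPAT


def parse_untrusted_xml(data, max_bytes=MAX_XML_BYTES):
    """Parse untrusted XML bytes and return the element names seen.

    Oversized input is rejected up front, and any DOCTYPE declaration
    aborts parsing, so DTD processing never happens on untrusted data.
    """
    if len(data) > max_bytes:
        raise UntrustedXmlRejected("input exceeds %d bytes" % max_bytes)

    parser = xml.parsers.expat.ParserCreate()
    elements = []

    def on_start(name, attrs):
        elements.append(name)

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # Exceptions raised in a handler propagate out of Parse().
        raise UntrustedXmlRejected("DOCTYPE not allowed in untrusted input")

    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)
    return elements


if __name__ == "__main__":
    print("linked Expat %s patched: %s" % (pyexpat.EXPAT_VERSION, expat_is_patched()))
    print(parse_untrusted_xml(b"<a><b/></a>"))  # constructed sample input
```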

    Source: opennet.ru
