Vulnerabilities in the Expat library that lead to code execution when processing XML data

The Expat 2.4.5 library, used to parse the XML format in many projects, including Apache httpd, OpenOffice, LibreOffice, Firefox, Chromium, Python and Wayland, fixes five dangerous vulnerabilities. Four of them can potentially allow an attacker to execute their own code when an application that uses libexpat processes specially crafted XML data. Working exploits are reported for two of the vulnerabilities. You can track the release of package updates in distributions on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux.

Known vulnerabilities:

  • CVE-2022-25235 - A buffer overflow caused by incorrect validation of Unicode character encoding, which can lead to code execution (an exploit exists) when processing specially crafted sequences of 2- and 3-byte UTF-8 characters in XML tag names.
  • CVE-2022-25236 - The ability to insert namespace delimiter characters into the values of "xmlns[:prefix]" attributes in a URI. The vulnerability allows code execution when processing attacker-supplied data (an exploit is available).
  • CVE-2022-25313 - Stack exhaustion that occurs when parsing a "doctype" (DTD) block, as seen with files larger than 2 MB that contain a very large number of open parentheses. The vulnerability could possibly be used to execute attacker code on the system.
  • CVE-2022-25315 - An overflow in the storeRawNames function that occurs only on 64-bit systems and requires processing gigabytes of data. The vulnerability could possibly be used to execute attacker code on the system.
  • CVE-2022-25314 - An integer overflow in the copyString function that occurs only on 64-bit systems and requires processing gigabytes of data. The issue can lead to denial of service.
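
An added example (not part of the original article or of the Expat project): since Python is among the affected projects, this script reports which libexpat version the interpreter's XML parser uses and flags builds older than 2.4.5, the release the article says contains the fixes. The function names are illustrative, and the version strings used to exercise it are constructed.

```python
"""Added example: report whether a libexpat build predates the 2.4.5 fixes."""
import re

FIXED = (2, 4, 5)  # release the article says fixes the five issues
# CVE identifiers exactly as listed in the article
CVES_FIXED_IN_2_4_5 = (
    "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25313",
    "CVE-2022-25315", "CVE-2022-25314",
)


def parse_expat_version(text):
    """Turn 'expat_2.4.4' or '2.4.4' into (2, 4, 4); None if unparseable."""
    m = re.fullmatch(r"(?:expat_)?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def assess(version_text):
    """Return (status, cves): status is 'patched', 'vulnerable' or 'unknown'."""
    version = parse_expat_version(version_text)
    if version is None:
        return "unknown", ()  # fail closed: never report 'patched' on bad input
    if version < FIXED:
        return "vulnerable", CVES_FIXED_IN_2_4_5
    return "patched", ()


def linked_expat_version():
    """Version string of the libexpat this interpreter's XML parser uses."""
    try:
        from xml.parsers import expat
    except ImportError:  # interpreter built without the expat module
        return None
    return expat.EXPAT_VERSION


if __name__ == "__main__":
    found = linked_expat_version()
    status, cves = assess(found or "")
    print(f"libexpat: {found!r} -> {status}")
    for cve in cves:
        print(f"  not fixed in this build: {cve}")
```

Distribution packages often backport fixes without changing the upstream version string, so confirm a "vulnerable" result against the distribution's own tracker page before acting on it.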

    Source: opennet.ru
