Vulnerability in the Expat library leading to code execution when processing XML data

Expat 2.4.5, a library used for parsing XML in many projects, including Apache httpd, OpenOffice, LibreOffice, Firefox, Chromium, Python, and Wayland, fixes five dangerous vulnerabilities, four of which could allow code execution when specially crafted XML data is processed in applications that use libexpat. Working exploits have been reported for two of the vulnerabilities. You can track the release of package updates in distributions on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux.

Known vulnerabilities:

  • CVE-2022-25235 - A buffer overflow caused by incorrect validation of Unicode character encoding, which can lead (an exploit exists) to code execution when processing specially crafted sequences of 2- and 3-byte UTF-8 characters in XML tag names.
  • CVE-2022-25236 - The ability to insert namespace delimiter characters into the values of "xmlns[:prefix]" attributes in a URI. The vulnerability allows code execution to be arranged when processing attacker-supplied data (an exploit is available).
  • CVE-2022-25313 - Stack exhaustion that occurs when parsing a "doctype" (DTD) block, as seen with files larger than 2 MB that contain a very large number of open parentheses. It is possible that the vulnerability could be used to arrange execution of one's own code in the system.
  • CVE-2022-25315 - An overflow in the storeRawNames function that occurs only on 64-bit systems and requires processing gigabytes of data. It is possible that the vulnerability could be used to arrange execution of one's own code in the system.
  • CVE-2022-25314 - An integer overflow in the copyString function that occurs only on 64-bit systems and requires processing gigabytes of data. The problem can lead to denial of service.
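Because Python is among the projects that embed Expat, the following added example (not from the original article or the Expat project) checks which Expat version the running interpreter is linked against and compares it with 2.4.5. The function names are hypothetical, and a version below 2.4.5 is only a prompt to check the distribution's advisory, since distributions often backport fixes without changing the upstream version number.

```python
import re
import pyexpat  # CPython's binding to libexpat

# First Expat release containing the fixes, as stated in the article.
FIXED_IN = (2, 4, 5)

# CVE identifiers the article lists as fixed in that release.
CVES_FIXED = (
    "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25313",
    "CVE-2022-25315", "CVE-2022-25314",
)


def parse_expat_version(text):
    """Turn strings such as 'expat_2.4.4' or '2.4.4-1' into (2, 4, 4)."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def audit(version):
    """Return (is_fixed, cves_to_review) for a version tuple or string."""
    if isinstance(version, str):
        version = parse_expat_version(version)
    is_fixed = tuple(version) >= FIXED_IN  # numeric, not string, comparison
    cves_to_review = () if is_fixed else CVES_FIXED
    return is_fixed, cves_to_review


def audit_this_interpreter():
    """Audit the Expat build linked into the running Python interpreter."""
    return pyexpat.version_info, audit(pyexpat.version_info)


if __name__ == "__main__":
    linked, (ok, cves) = audit_this_interpreter()
    print("linked Expat:", ".".join(map(str, linked)))
    if ok:
        print("at or above 2.4.5")
    else:
        print("older than 2.4.5; check vendor advisories for:", ", ".join(cves))
```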

    Source: opennet.ru