Vulnerabilities in the Expat library leading to code execution when processing XML data

Expat 2.4.5, a library used for parsing the XML format in many projects, including Apache httpd, OpenOffice, LibreOffice, Firefox, Chromium, Python and Wayland, has been released and fixes five vulnerabilities, four of which could allow arbitrary code execution when specially crafted XML data is processed by applications that use libexpat. For two of the vulnerabilities, working exploits are reported. You can track the publication of package updates in the distributions on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux.

Identified vulnerabilities:

  • CVE-2022-25235 - Buffer overflow caused by incorrect validation of Unicode character encoding, which can lead (an exploit is available) to code execution when specially formatted 2- and 3-byte UTF-8 sequences in XML tag names are processed.
  • CVE-2022-25236 - Possibility of injecting namespace delimiter characters into the URI in "xmlns[:prefix]" values. The vulnerability allows arbitrary code execution when attacker-controlled data is processed (an exploit is available).
  • CVE-2022-25313 - Stack exhaustion when parsing a "doctype" block (DTD), observed with files larger than 2 MB that contain a very large number of opening parentheses. The vulnerability could potentially be used to execute arbitrary code on the system.
  • CVE-2022-25315 - Integer overflow in the storeRawNames function, which occurs only on 64-bit systems and requires processing gigabytes of data. The vulnerability could potentially be used to execute arbitrary code on the system.
  • CVE-2022-25314 - Integer overflow in the copyString function, which occurs only on 64-bit systems and requires processing gigabytes of data. The issue may lead to denial of service.
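
As an added example (not part of the opennet.ru item or of the Expat project), the script below uses Python's bundled pyexpat binding to report whether the linked-in Expat is at least 2.4.5, and shows a hardening step for applications that never need DTDs: Expat calls the doctype-start handler before it parses the internal subset, so aborting there keeps the DTD content-model code (the CVE-2022-25313 path) from ever seeing attacker-supplied input. The sample documents are constructed here; the tag-name and namespace bugs are not addressed by this check and still require the updated library.

```python
import xml.parsers.expat as expat

# First release that fixes all five issues listed above.
PATCHED_VERSION = (2, 4, 5)


def expat_is_patched(version=None):
    """True if the given (or linked-in) Expat version is 2.4.5 or later."""
    v = tuple(expat.version_info if version is None else version)
    return v >= PATCHED_VERSION


class DoctypeRejected(Exception):
    """Raised when a document carries a DOCTYPE the caller refuses to process."""


def parse_without_dtd(data):
    """Parse XML bytes and return [(tag, attrs), ...] for every start tag.

    Expat invokes StartDoctypeDeclHandler when it reaches '<!DOCTYPE ...',
    before the internal subset (the DTD body) is parsed, so raising here
    aborts the parse without feeding the DTD to the content-model code.
    """
    parser = expat.ParserCreate()
    elements = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected("DOCTYPE %r rejected by policy" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda tag, attrs: elements.append((tag, attrs))
    parser.Parse(data, True)  # True = this is the final chunk
    return elements


def accepts(data):
    """Convenience wrapper: True if the document parses without a DOCTYPE."""
    try:
        parse_without_dtd(data)
        return True
    except DoctypeRejected:
        return False


# Constructed sample inputs (not taken from the advisory).
PLAIN_DOC = b'<?xml version="1.0"?><root a="1"><child/></root>'
DTD_DOC = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE root [<!ELEMENT root (a|(b|(c)))>]><root/>')
```

Run `expat_is_patched()` with no argument to check the interpreter you deploy on; a False result means the Python build links an Expat older than 2.4.5.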

    Source: opennet.ru
