|
|
Log in / Subscribe / Register

Debian alert DLA-2935-1 (expat)



From:
              Emilio Pozuelo Monfort <pochu@debian.org>


To:
              <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 2935-1] expat security update


Date:
              Mon, 07 Mar 2022 14:35:55 +0100


Message-ID:
              <20220307133555.1B5802A01DA@andromeda>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2935-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
March 07, 2022                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : expat
Version        : 2.2.0-2+deb9u5
CVE ID         : CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313
                 CVE-2022-25315
Debian Bug     : 1005894 1005895

Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.

For Debian 9 stretch, these problems have been fixed in version
2.2.0-2+deb9u5.

We recommend that you upgrade your expat packages.

For the detailed security status of expat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/expat

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmImCjoACgkQnUbEiOQ2
gwISDw//dfLMSA4CkAhtKlYeMVQhRkCQRZZ/A8Vo9Qr9ey32OX39H9twld9cDrWa
vq8flYYkDJOx8sbqqmXb6yks1Al5VG/FektqsGxa55Sc8PObFQrk3cMLkfAI2FMb
KhGjD0EBus6moMhWAAnY4jY+4PNFuRatbOdGlR2+t0tBKd2y+8ibNlA4Ap7LLbEJ
1T2MrCH74av1MRTPtojhw/cIKPDqr6nA/B8/ubWtFEf8iVGBSpDychxTlAWrgV4x
Qxo/GBmWPnWMpu3WpMJUTCBapJZPo3JLLxSjSe8LsRG6mnkyqalBdXQ6+E2bvpsv
eFmk16FxJ/+IN0+4AJbWkvvva3g8qHHjY1mA9Qk9RNSQJpxLme9AmOj8YTL0zoaN
zYGpUWo4wPas5oduhleKL1/ZUHMkuH038259OGn/CP7K2zKuOkj3IrflQWq6++eA
IyAtGxYi7t3i/I8q0RwYKsuksmVwbdZuqw67K9IXK7VlRzJEQVz76RGgK5Eet3rh
9vkirZbWrHpUA8X5PnKDd/TfK5G81PqdPF5QuLxLKQ8UjY7HCEEEtNUSyJU2vXfa
50nKasyugDnZRAlNmMWDZ/vQxkng6Xs7LFszuhYfntBUdx74GSQ2nrZ3ziJfzW5i
x1TpM2Q1CTKQCDysbikpB45smxHBH+/iuiqOPpzZSUb2BKpyNTg=
=jtbR
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds