Advisories » MGASA-2022-0183

Updated xmlrpc-c packages fix security vulnerability

Publication date: 15 May 2022
Modification date: 15 May 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-25235

Description

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation
of encoding, such as checks for whether a UTF-8 character is valid in a
certain context. (CVE-2022-25235)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30351
• https://access.redhat.com/errata/RHSA-2022:1643
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235

SRPMS

8/core

• xmlrpc-c-1.51.06-1.1.mga8