Advisories » MGASA-2022-0409

Updated expat packages fix security vulnerability

Publication date: 04 Nov 2022
Modification date: 04 Nov 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-43680

Description

In libexpat through 2.4.9, there is a use-after free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations. (CVE-2022-43680)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31057
• https://www.debian.org/security/2022/dsa-5266
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680

SRPMS

8/core

• expat-2.2.10-1.6.mga8