UbuntuUpdates.org

Package "libexpat1-dev"

Name: libexpat1-dev

Description:

XML parsing C library - development kit
Latest version: 2.4.7-1ubuntu0.4
Release: jammy (22.04)
Level: security
Repository: main
Head package: expat
Homepage: https://libexpat.github.io/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libexpat1-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libexpat1-dev" in Jammy

Repository Area Version
base main 2.4.7-1
updates main 2.4.7-1ubuntu0.4

Changelog

Version: 2.4.7-1ubuntu0.4 2024-09-17 15:07:19 UTC

  expat (2.4.7-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: invalid input length
    - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
      expat/lib/xmlparse.c to identify and error out if a negative length is
      provided.
    - CVE-2024-45490
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45491.patch: adds a check to the dtdCopy function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45491
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45492

 -- Ian Constantin <email address hidden> Tue, 10 Sep 2024 13:17:45 +0300
Source diff to previous version
CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT
CVE-2024-45492 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (wh

Version: 2.4.7-1ubuntu0.3 2024-03-14 12:06:56 UTC

  expat (2.4.7-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2023-52425.patch: Speed up parsing of big tokens.
    - CVE-2023-52425
  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2024-28757.patch: Detect billion laughs attack with
      isolated external parser.
    - CVE-2024-28757

 -- Fabian Toepfer <email address hidden> Wed, 13 Mar 2024 14:28:54 +0100
Source diff to previous version
CVE-2023-52425 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for w
CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCrea

Version: 2.4.7-1ubuntu0.2 2022-11-23 13:07:26 UTC

  expat (2.4.7-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2022-43680-1.patch: adds tests to cover
      DTD destruction in XML_ExternalEntityParserCreate in
      expat/tests/runtests.c.
    - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD
      destruction in XML_ExternalEntityParserCreate in
      expat/lib/xmlparse.c.
    - CVE-2022-43680

 -- David Fernandez Gonzalez <email address hidden> Fri, 18 Nov 2022 12:21:42 +0100
Source diff to previous version
CVE-2022-43680 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memo

Version: 2.4.7-1ubuntu0.1 2022-11-17 11:07:23 UTC

  expat (2.4.7-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in doContent
    - debian/patches/CVE-2022-40674.patch: ensure storeRawNames()
      is always called in func internalEntityProcessor if handling
      unbalanced tags in expat/lib/xmlparse.c.
    - CVE-2022-40674

 -- David Fernandez Gonzalez <email address hidden> Tue, 15 Nov 2022 16:01:53 +0100
CVE-2022-40674 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.


About   -   Send Feedback to @ubuntu_updates