UbuntuUpdates.org

Package "expat"

Name: expat

Description:

XML parsing C library - example application
Latest version: 2.6.1-2ubuntu0.1
Release: noble (24.04)
Level: updates
Repository: universe
Homepage: https://libexpat.github.io/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "expat"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "expat" in Noble

Repository Area Version
base main 2.6.1-2build1
base universe 2.6.1-2build1
security main 2.6.1-2ubuntu0.1
security universe 2.6.1-2ubuntu0.1
updates main 2.6.1-2ubuntu0.1

Changelog

Version: 2.6.1-2ubuntu0.1 2024-09-11 20:06:58 UTC

  expat (2.6.1-2ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: invalid input length
    - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
      expat/lib/xmlparse.c to identify and error out if a negative length is
      provided.
    - CVE-2024-45490
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45491.patch: adds a check to the dtdCopy function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45491
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45492

 -- Ian Constantin <email address hidden> Tue, 10 Sep 2024 13:17:43 +0300
CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT
CVE-2024-45492 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (wh


About   -   Send Feedback to @ubuntu_updates