| Summary: | expat new security issue CVE-2022-40674 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | expat-2.2.10-1.4.mga8.src.rpm | CVE: | CVE-2022-40674 |
| Status comment: | |||
|
Description
David Walser
2022-09-23 18:06:54 CEST
David Walser
2022-09-23 18:07:14 CEST
Status comment:
(none) =>
Fixed upstream in 2.4.9 Assigning to NicolasS because you have done CVE updates on this before. Assignee:
bugsquad =>
nicolas.salguero Suggested advisory: ======================== The updated packages fix a security vulnerability: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674 https://www.debian.org/security/2022/dsa-5236 ======================== Updated packages in core/updates_testing: ======================== expat-2.2.10-1.5.mga8 lib(64)expat1-2.2.10-1.5.mga8 lib(64)expat-devel-2.2.10-1.5.mga8 from SRPM: expat-2.2.10-1.5.mga8.src.rpm Status:
NEW =>
ASSIGNED MGA8-64 MATE on Acer Aspire 5253 No installation issues Downloaded testfiles from bug 30070 (copied from wiki) and run test. $ python testexpat.py Tested OK Good to go. Whiteboard:
(none) =>
MGA8-64-OK Validating. Advisory in Comment 2. Keywords:
(none) =>
validated_update
Dave Hodgins
2022-10-01 16:58:56 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0352.html Resolution:
(none) =>
FIXED |