Bug 33547 - expat new security issues CVE-2024-4549[0-2]
Summary: expat new security issues CVE-2024-4549[0-2]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-09-09 14:48 CEST by Nicolas Salguero
Modified: 2024-09-11 22:43 CEST (History)
2 users (show)

See Also:
Source RPM: expat-2.6.2-1.mga9.src.rpm
CVE: CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Status comment:


Attachments

Description Nicolas Salguero 2024-09-09 14:48:39 CEST
Slackware has issued an advisory on September 4:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.351556
Nicolas Salguero 2024-09-09 14:49:17 CEST

Status comment: (none) => Fixed upstream in 2.6.3
CVE: (none) => CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Source RPM: (none) => expat-2.6.2-1.mga9.src.rpm

Comment 1 Nicolas Salguero 2024-09-09 16:56:46 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490)

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491)

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492)

References:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.351556
========================

Updated packages in core/updates_testing:
========================
expat-2.6.3-1.mga9
lib(64)expat1-2.6.3-1.mga9
lib(64)expat-devel-2.6.3-1.mga9

from SRPM:
expat-2.6.3-1.mga9.src.rpm

Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 2.6.3 => (none)

katnatek 2024-09-09 18:52:19 CEST

Keywords: (none) => advisory

Comment 2 katnatek 2024-09-10 18:50:18 CEST
RH x86_64

Not sure why I have both expat libs but added in qarepo

LC_ALL=C urpmi --auto --auto-update
adding 3 new rpms not available in existing hdlist
replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp
updating /var/cache/urpmi/partial/MD5SUM
updated medium "QA Testing (32-bit)"
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing //home/katnatek/qa-testing/x86_64/lib64expat1-2.6.3-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/x86_64/expat-2.6.3-1.mga9.x86_64.rpm
//home/katnatek/qa-testing/i586/libexpat1-2.6.3-1.mga9.i586.rpm
Preparing...                     ##################################################################################################
      1/3: lib64expat1           ##################################################################################################
      2/3: expat                 ##################################################################################################
      3/3: libexpat1             ##################################################################################################
      1/3: removing expat-2.6.2-1.mga9.x86_64
                                 ##################################################################################################
      2/3: removing libexpat1-2.6.2-1.mga9.i586
                                 ##################################################################################################
      3/3: removing lib64expat1-2.6.2-1.mga9.x86_64
                                 ##################################################################################################


Followed the procedure from the wiki, as was used in bug#31057 comment#2 (needed test files are attached to bug#31057)

python and python3 are python 3 now ;)

python
Python 3.10.11 (main, Mar 26 2024, 15:00:27) [GCC 12.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.


python3 testexpat.py 
Tested OK

xmlwf /etc/xml/catalog
xmlwf /etc/passwd
/etc/passwd:1:16: not well-formed (invalid token)

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK

Comment 3 Thomas Andrews 2024-09-11 02:34:57 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2024-09-11 22:43:26 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0294.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.