An update for expat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1490 Final 1.0 1.0 2022-01-18 Initial 2022-01-18 2022-01-18 openEuler SA Tool V1.0 2022-01-18 expat security update An update for expat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. An XML parser library. Security Fix(es): In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).(CVE-2021-45960) lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22825) storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22827) addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22822) nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22826) build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22823) defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.(CVE-2022-22824) In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.(CVE-2021-46143) An update for expat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical expat https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-45960 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22825 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22827 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22822 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22826 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22823 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-22824 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 expat-debuginfo-2.2.9-4.oe1.aarch64.rpm expat-debugsource-2.2.9-4.oe1.aarch64.rpm expat-devel-2.2.9-4.oe1.aarch64.rpm expat-2.2.9-4.oe1.aarch64.rpm expat-2.2.9-4.oe1.aarch64.rpm expat-debuginfo-2.2.9-4.oe1.aarch64.rpm expat-debugsource-2.2.9-4.oe1.aarch64.rpm expat-devel-2.2.9-4.oe1.aarch64.rpm expat-debugsource-2.2.9-4.oe1.aarch64.rpm expat-2.2.9-4.oe1.aarch64.rpm expat-debuginfo-2.2.9-4.oe1.aarch64.rpm expat-devel-2.2.9-4.oe1.aarch64.rpm expat-help-2.2.9-4.oe1.noarch.rpm expat-help-2.2.9-4.oe1.noarch.rpm expat-help-2.2.9-4.oe1.noarch.rpm expat-2.2.9-4.oe1.src.rpm expat-2.2.9-4.oe1.src.rpm expat-2.2.9-4.oe1.src.rpm expat-debuginfo-2.2.9-4.oe1.x86_64.rpm expat-devel-2.2.9-4.oe1.x86_64.rpm expat-2.2.9-4.oe1.x86_64.rpm expat-debugsource-2.2.9-4.oe1.x86_64.rpm expat-2.2.9-4.oe1.x86_64.rpm expat-debugsource-2.2.9-4.oe1.x86_64.rpm expat-debuginfo-2.2.9-4.oe1.x86_64.rpm expat-devel-2.2.9-4.oe1.x86_64.rpm expat-debugsource-2.2.9-4.oe1.x86_64.rpm expat-devel-2.2.9-4.oe1.x86_64.rpm expat-debuginfo-2.2.9-4.oe1.x86_64.rpm expat-2.2.9-4.oe1.x86_64.rpm In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). 2022-01-18 CVE-2021-45960 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H expat security update 2022-01-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490 lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-18 CVE-2022-22825 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H expat security update 2022-01-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-18 CVE-2022-22827 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H expat security update 2022-01-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-18 CVE-2022-22822 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H expat security update 2022-01-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-18 CVE-2022-22826 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H expat security update 2022-01-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490 build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-18 CVE-2022-22823 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H expat security update 2022-01-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490 defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 2022-01-18 CVE-2022-22824 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H expat security update 2022-01-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490 In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. 2022-01-18 CVE-2021-46143 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H expat security update 2022-01-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1490