Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-5085-2:292DA
HistoryMar 13, 2022 - 3:15 p.m.

[SECURITY] [DSA 5085-2] expat regression update

2022-03-1315:15:49
lists.debian.org
48
JSON

Debian Security Advisory DSA-5085-2 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
March 13, 2022 https://www.debian.org/security/faq

Package : expat

The update for expat released as DSA 5085-1 introduced regressions for
applications using URI characters (':' in particular) for a namespace
separator (while the HTML API docs of function XML_ParserCreateNS have
been advising against their use). Updated expat packages are now
available which relax the fix for CVE-2022-25236 with regard to RFC 3986
URI characters.

For the oldstable distribution (buster), this problem has been fixed
in version 2.2.6-2+deb10u4.

For the stable distribution (bullseye), this problem has been fixed in
version 2.2.10-2+deb11u3.

We recommend that you upgrade your expat packages.

For the detailed security status of expat please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/expat

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10armellibexpat1< 2.2.6-2+deb10u4libexpat1_2.2.6-2+deb10u4_armel.deb
Debian11arm64libexpat1-dev< 2.2.10-2+deb11u3libexpat1-dev_2.2.10-2+deb11u3_arm64.deb
Debian11mips64elexpat< 2.2.10-2+deb11u3expat_2.2.10-2+deb11u3_mips64el.deb
Debian11mipselexpat-dbgsym< 2.2.10-2+deb11u3expat-dbgsym_2.2.10-2+deb11u3_mipsel.deb
Debian10armhflibexpat1-udeb< 2.2.6-2+deb10u4libexpat1-udeb_2.2.6-2+deb10u4_armhf.deb
Debian11amd64libexpat1-dev< 2.2.10-2+deb11u3libexpat1-dev_2.2.10-2+deb11u3_amd64.deb
Debian10mipselexpat-dbgsym< 2.2.6-2+deb10u4expat-dbgsym_2.2.6-2+deb10u4_mipsel.deb
Debian10mips64ellibexpat1-dev< 2.2.6-2+deb10u4libexpat1-dev_2.2.6-2+deb10u4_mips64el.deb
Debian10s390xexpat-dbgsym< 2.2.6-2+deb10u4expat-dbgsym_2.2.6-2+deb10u4_s390x.deb
Debian11i386expat-dbgsym< 2.2.10-2+deb11u3expat-dbgsym_2.2.10-2+deb11u3_i386.deb
Rows per page:
1-10 of 1161

Related

veracode 1
alpinelinux 1
openvas 39
cbl_mariner 2
nessus 68
broadcom 1
checkpoint_advisories 1
prion 1
debiancve 1
redhatcve 1
cve 1
suse 3
cnvd 1
osv 9
ubuntucve 1
githubexploit 1
fedora 6
amazon 3
photon 6
redhat 21
oraclelinux 5
ibm 10
f5 1
ubuntu 1
cloudfoundry 1
redos 1
debian 2
mageia 2
slackware 1
almalinux 3
centos 2
rocky 2
veracode
veracode
Privilege Escalation
2022-02-17 09:52:08
alpinelinux
alpinelinux
CVE-2022-25236
2022-02-16 01:15:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:0844-1)
2022-03-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0842-1)
2022-03-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:14934-1)
2022-04-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-25236 affecting package expat 2.4.4-1
2022-03-09 18:31:42
CVE-2022-25236 affecting package expat 2.4.3-2
2022-04-26 20:17:03
nessus
nessus
CentOS 9 : xmlrpc-c-1.51.0-16.el9
2024-02-29 00:00:00
SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2022:0844-1)
2022-03-16 00:00:00
openSUSE 15 Security Update : expat (openSUSE-SU-2022:0844-1)
2022-03-17 00:00:00
broadcom
broadcom
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
2023-08-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Expat XML Parser Remote Code Execution (CVE-2022-25236)
2022-08-15 00:00:00
prion
prion
Design/Logic Flaw
2022-02-16 01:15:00
debiancve
debiancve
CVE-2022-25236
2022-02-16 01:15:00
redhatcve
redhatcve
CVE-2022-25236
2022-02-21 05:51:26
cve
cve
CVE-2022-25236
2022-02-16 01:15:00
suse
suse
Security update for expat (important)
2022-03-15 00:00:00
Security update for expat (important)
2022-03-04 00:00:00
Security update for expat (important)
2022-07-06 00:00:00
cnvd
cnvd
Expat has an unspecified vulnerability (CNVD-2022-18357)
2022-02-21 00:00:00
osv
osv
CVE-2022-25236
2022-02-16 01:15:07
expat vulnerabilities and regression
2022-03-10 13:19:12
expat - security update
2022-03-07 00:00:00
ubuntucve
ubuntucve
CVE-2022-25236
2022-02-15 00:00:00
githubexploit
githubexploit
Exploit for Exposure of Resource to Wrong Sphere in Libexpat Project Libexpat
2022-05-06 05:19:11
fedora
fedora
[SECURITY] Fedora 35 Update: thunderbird-91.7.0-1.fc35
2022-03-17 15:49:04
[SECURITY] Fedora 36 Update: thunderbird-102.7.1-2.fc36
2023-02-03 01:42:19
[SECURITY] Fedora 34 Update: thunderbird-91.7.0-1.fc34
2022-03-18 19:15:01
amazon
amazon
Critical: expat
2022-03-09 22:13:00
Critical: expat
2022-03-09 22:48:00
Important: thunderbird
2022-04-25 22:56:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0444
2022-02-25 00:00:00
Critical Photon OS Security Update - PHSA-2022-0157
2022-02-21 00:00:00
Critical Photon OS Security Update - PHSA-2022-0475
2022-02-25 00:00:00
redhat
redhat
(RHSA-2022:1070) Important: expat security update
2022-03-28 08:46:43
(RHSA-2022:1068) Important: expat security update
2022-03-28 08:40:33
(RHSA-2022:1309) Important: expat security update
2022-04-11 15:03:41
oraclelinux
oraclelinux
expat security update
2022-05-06 00:00:00
firefox security update
2022-03-10 00:00:00
firefox security and bug fix update
2022-03-10 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities
2022-03-15 15:35:35
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server
2022-03-08 21:40:46
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped in IBM WebSphere Application Server Patterns due to Expat vulnerabilities
2022-04-29 19:27:25
f5
f5
K19473898 : Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-25315
2022-04-30 00:00:00
ubuntu
ubuntu
Expat vulnerabilities and regression
2022-03-10 00:00:00
cloudfoundry
cloudfoundry
USN-5320-1: Expat vulnerabilities and regression | Cloud Foundry
2022-04-21 00:00:00
redos
redos
ROS-20220225-01
2022-02-25 00:00:00
debian
debian
[SECURITY] [DSA 5085-1] expat security update
2022-02-22 20:17:14
[SECURITY] [DLA 2935-1] expat security update
2022-03-07 13:35:55
mageia
mageia
Updated expat packages fix security vulnerability
2022-02-22 23:15:16
Updated firefox/nss/rootcerts packages fix security vulnerability
2022-04-29 01:46:19
slackware
slackware
[slackware-security] expat
2022-02-20 05:16:42
almalinux
almalinux
Important: mingw-expat security update
2022-11-08 00:00:00
Critical: firefox security update
2022-03-10 14:36:51
Important: thunderbird security update
2022-03-14 09:49:10
centos
centos
firefox security update
2022-03-29 13:53:09
thunderbird security update
2022-03-29 13:54:14
rocky
rocky
firefox security update
2022-03-10 14:36:51
thunderbird security update
2022-03-14 09:49:10
JSON
Related for DEBIAN:DSA-5085-2:292DA
veracode1alpinelinux1openvas39cbl_mariner2nessus68broadcom1checkpoint_advisories1prion1debiancve1redhatcve1cve1suse3cnvd1osv9ubuntucve1githubexploit1fedora6amazon3photon6redhat21oraclelinux5ibm10f51ubuntu1cloudfoundry1redos1debian2mageia2slackware1almalinux3centos2rocky2