Lucene search

Slackware Linux ProjectSSA-2022-027-01

HistoryJan 27, 2022 - 10:58 p.m.

[slackware-security] expat

2022-01-2722:58:35

Slackware Linux Project

www.slackware.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

79.0%

JSON

New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/expat-2.4.3-i586-3_slack14.2.txz: Rebuilt.
Prevent integer overflow in doProlog.
For more information, see:
https://vulners.com/cve/CVE-2022-23990
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.4.3-i486-3_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.4.3-x86_64-3_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.4.3-i486-3_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.4.3-x86_64-3_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.4.3-i586-3_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.4.3-x86_64-3_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.4.3-i586-3.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.4.3-x86_64-3.txz

MD5 signatures:

Slackware 14.0 package:
83ad43bedb960f951754cefce7bf6ec5 expat-2.4.3-i486-3_slack14.0.txz

Slackware x86_64 14.0 package:
35256593bf5efc25125904b30fd71304 expat-2.4.3-x86_64-3_slack14.0.txz

Slackware 14.1 package:
6a26bd66d2e68fcdee1bc917bab5dc52 expat-2.4.3-i486-3_slack14.1.txz

Slackware x86_64 14.1 package:
6c73ea974f333b4b08a63308bbc16368 expat-2.4.3-x86_64-3_slack14.1.txz

Slackware 14.2 package:
cc4973d5c4956e7a9ae4055648ca063b expat-2.4.3-i586-3_slack14.2.txz

Slackware x86_64 14.2 package:
3ec0df6fa734670368f91d0ab2538d29 expat-2.4.3-x86_64-3_slack14.2.txz

Slackware -current package:
1040ce35ab452a49d02251ed654463b1 l/expat-2.4.3-i586-3.txz

Slackware x86_64 -current package:
9fdb775e2bf314015578044b60dfe481 l/expat-2.4.3-x86_64-3.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg expat-2.4.3-i586-3_slack14.2.txz

OSVersionArchitecturePackageVersionFilename
Slackware14.0i486expat< 2.4.3expat-2.4.3-i486-3_slack14.0.txz
Slackware14.0x86_64expat< 2.4.3expat-2.4.3-x86_64-3_slack14.0.txz
Slackware14.1i486expat< 2.4.3expat-2.4.3-i486-3_slack14.1.txz
Slackware14.1x86_64expat< 2.4.3expat-2.4.3-x86_64-3_slack14.1.txz
Slackware14.2i586expat< 2.4.3expat-2.4.3-i586-3_slack14.2.txz
Slackware14.2x86_64expat< 2.4.3expat-2.4.3-x86_64-3_slack14.2.txz
Slackwarecurrenti586expat< 2.4.3expat-2.4.3-i586-3.txz
Slackwarecurrentx86_64expat< 2.4.3expat-2.4.3-x86_64-3.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	14.0	i486	expat	< 2.4.3	expat-2.4.3-i486-3_slack14.0.txz
Slackware	14.0	x86_64	expat	< 2.4.3	expat-2.4.3-x86_64-3_slack14.0.txz
Slackware	14.1	i486	expat	< 2.4.3	expat-2.4.3-i486-3_slack14.1.txz
Slackware	14.1	x86_64	expat	< 2.4.3	expat-2.4.3-x86_64-3_slack14.1.txz
Slackware	14.2	i586	expat	< 2.4.3	expat-2.4.3-i586-3_slack14.2.txz
Slackware	14.2	x86_64	expat	< 2.4.3	expat-2.4.3-x86_64-3_slack14.2.txz
Slackware	current	i586	expat	< 2.4.3	expat-2.4.3-i586-3.txz
Slackware	current	x86_64	expat	< 2.4.3	expat-2.4.3-x86_64-3.txz