Slackware 1129 Published by

An expat security update has been released for Slackware 14.0, 14.1, 14.2, and -current.



slackware-security: expat (SSA:2022-016-01)



[slackware-security] expat (SSA:2022-016-01)

New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/expat-2.4.3-i586-1_slack14.2.txz: Upgraded.
Fix issues with left shifts by >=29 places resulting in:
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
Fix integer overflow on variable m_groupSize in function doProlog leading
to realloc acting as free. Impact is denial of service or other undefined
behavior.
Prevent integer overflows near memory allocation at multiple places.
For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(  http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on   http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
  ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.4.3-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
  ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.4.3-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
  ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.4.3-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
  ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.4.3-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
  ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.4.3-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
  ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.4.3-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.4.3-i586-1.txz

Updated package for Slackware x86_64 -current:
  ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.4.3-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 14.0 package:
221489b3cc531df86e938f4b5f86f333 expat-2.4.3-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
567acea852c48adddc4ddb54d7d31b8c expat-2.4.3-x86_64-1_slack14.0.txz

Slackware 14.1 package:
955d3d04dbe44c58328003e29ab83cef expat-2.4.3-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
cdedf19fe237eb09786d54c8295658fc expat-2.4.3-x86_64-1_slack14.1.txz

Slackware 14.2 package:
dc1121c0f3c2e331ee162586103bc61d expat-2.4.3-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
0476a33c23c7398cce3f48c508538d56 expat-2.4.3-x86_64-1_slack14.2.txz

Slackware -current package:
170535aa026a821b7434a3a4a6987b41 l/expat-2.4.3-i586-1.txz

Slackware x86_64 -current package:
6b978051bba045d94e53890bc5289f49 l/expat-2.4.3-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg expat-2.4.3-i586-1_slack14.2.txz