- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202209-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Expat: Multiple Vulnerabilities
Date: September 29, 2022
Bugs: #791703, #830422, #831918, #833431, #870097
ID: 202209-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Expat, the worst of
which could result in arbitrary code execution.

Background
==========

Expat is a set of XML parsing libraries.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/expat < 2.4.9 >= 2.4.9

Description
===========

Multiple vulnerabilities have been discovered in Expat. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Expat users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/expat-2.4.9"

References
==========

[ 1 ] CVE-2021-45960
https://nvd.nist.gov/vuln/detail/CVE-2021-45960
[ 2 ] CVE-2021-46143
https://nvd.nist.gov/vuln/detail/CVE-2021-46143
[ 3 ] CVE-2022-22822
https://nvd.nist.gov/vuln/detail/CVE-2022-22822
[ 4 ] CVE-2022-22823
https://nvd.nist.gov/vuln/detail/CVE-2022-22823
[ 5 ] CVE-2022-22824
https://nvd.nist.gov/vuln/detail/CVE-2022-22824
[ 6 ] CVE-2022-22825
https://nvd.nist.gov/vuln/detail/CVE-2022-22825
[ 7 ] CVE-2022-22826
https://nvd.nist.gov/vuln/detail/CVE-2022-22826
[ 8 ] CVE-2022-22827
https://nvd.nist.gov/vuln/detail/CVE-2022-22827
[ 9 ] CVE-2022-23852
https://nvd.nist.gov/vuln/detail/CVE-2022-23852
[ 10 ] CVE-2022-23990
https://nvd.nist.gov/vuln/detail/CVE-2022-23990
[ 11 ] CVE-2022-25235
https://nvd.nist.gov/vuln/detail/CVE-2022-25235
[ 12 ] CVE-2022-25236
https://nvd.nist.gov/vuln/detail/CVE-2022-25236
[ 13 ] CVE-2022-25313
https://nvd.nist.gov/vuln/detail/CVE-2022-25313
[ 14 ] CVE-2022-25314
https://nvd.nist.gov/vuln/detail/CVE-2022-25314
[ 15 ] CVE-2022-25315
https://nvd.nist.gov/vuln/detail/CVE-2022-25315
[ 16 ] CVE-2022-40674
https://nvd.nist.gov/vuln/detail/CVE-2022-40674

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202209-24

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmM1qqsACgkQFMQkOaVy +9mUJxAAz7qsL3mUzB1wTNOPW6V5saLj2SbIyL/df4O5a8wOJtpjUeLwmHBrv009 DVFiCJc4IeGORX0K6ohU8vcJOiEqzzcg8bPTiQB6i4qksvzJf8pKRr88XG/LPd+9 ufPX4q3hwcQvWc4L9ke0StML1Tg5Wnx/liAP8HuW436ckHzuBnh/2Jytc/V/rbaI a7F1ySUMqiJ8OQ1EQEK0piHSZHkQzh+KefGjprPMziy95oslByyaKvtnHYzE9mKm 3uamJKE47oEeX8esbd0wDc3A9liM2kUPBTJvqgqmk1qX7UYFAE/yLlWdPA0T+EbR CwoWn9l6jCjGokeJVAW8i1XQ8DFqvRlbYEXDhobIe69keqBEk4G3DoQhyLJpmK6H wyIbatnufTyr61ynibXnnQU17pvBwGZ/woFRh3Ao+A2QGHunKkOt0DQ3zRutNmDA PrIg6DcVyzVuqDJ0VmUhmChzK+NFKOX/J3jpd6PMcHY5doVtEoEtM4BkQX0G8IBD 9u1pWwy4sAznYr1qbloW8gELsF+yn9FbioTVFx4KBkPHbB3+JBWYySaM1mujc+nj H1hiCWCR3EUbLgaiwVyiFaDO7ZfS73t+GmGgjn4q3HfEvkpRpfUG7iV3TtcJ52tk 6f23OQmE/QPudDTDq+80maj/EsWuFcvNH770+RycbkrwVwb6Ha0=
=C4GF
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)