Security update for expat SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3515-1 Final 1 1 2024-10-03T11:33:36Z current 2024-10-03T11:33:36Z 2024-10-03T11:33:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for expat This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2024-3515,Container suse/sle-micro/5.1/toolbox:latest-2024-3515,Container suse/sle-micro/5.2/toolbox:latest-2024-3515,Image SLES15-SP3-BYOS-Azure-2024-3515,Image SLES15-SP3-BYOS-EC2-HVM-2024-3515,Image SLES15-SP3-BYOS-GCE-2024-3515,Image SLES15-SP3-HPC-BYOS-Azure-2024-3515,Image SLES15-SP3-HPC-BYOS-EC2-HVM-2024-3515,Image SLES15-SP3-HPC-BYOS-GCE-2024-3515,Image SLES15-SP3-Micro-5-1-BYOS-Azure-2024-3515,Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM-2024-3515,Image SLES15-SP3-Micro-5-1-BYOS-GCE-2024-3515,Image SLES15-SP3-Micro-5-2-BYOS-Azure-2024-3515,Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM-2024-3515,Image SLES15-SP3-Micro-5-2-BYOS-GCE-2024-3515,Image SLES15-SP3-SAP-Azure-LI-BYOS-Production-2024-3515,Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production-2024-3515,Image SLES15-SP3-SAP-BYOS-Azure-2024-3515,Image SLES15-SP3-SAP-BYOS-EC2-HVM-2024-3515,Image SLES15-SP3-SAP-BYOS-GCE-2024-3515,Image SLES15-SP3-SAPCAL-Azure-2024-3515,Image SLES15-SP3-SAPCAL-EC2-HVM-2024-3515,Image SLES15-SP3-SAPCAL-GCE-2024-3515,SUSE-2024-3515,SUSE-SUSE-MicroOS-5.1-2024-3515,SUSE-SUSE-MicroOS-5.2-2024-3515 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243515-1/ Link for SUSE-SU-2024:3515-1 https://lists.suse.com/pipermail/sle-security-updates/2024-October/019545.html E-Mail link for SUSE-SU-2024:3515-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1229930 SUSE Bug 1229930 https://bugzilla.suse.com/1229931 SUSE Bug 1229931 https://bugzilla.suse.com/1229932 SUSE Bug 1229932 https://www.suse.com/security/cve/CVE-2024-45490/ SUSE CVE CVE-2024-45490 page https://www.suse.com/security/cve/CVE-2024-45491/ SUSE CVE CVE-2024-45491 page https://www.suse.com/security/cve/CVE-2024-45492/ SUSE CVE CVE-2024-45492 page Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro/5.1/toolbox:latest Container suse/sle-micro/5.2/toolbox:latest Image SLES15-SP3-BYOS-Azure Image SLES15-SP3-BYOS-EC2-HVM Image SLES15-SP3-BYOS-GCE Image SLES15-SP3-HPC-BYOS-Azure Image SLES15-SP3-HPC-BYOS-EC2-HVM Image SLES15-SP3-HPC-BYOS-GCE Image SLES15-SP3-Micro-5-1-BYOS-Azure Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-1-BYOS-GCE Image SLES15-SP3-Micro-5-2-BYOS-Azure Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-2-BYOS-GCE Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAP-BYOS-Azure Image SLES15-SP3-SAP-BYOS-EC2-HVM Image SLES15-SP3-SAP-BYOS-GCE Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-EC2-HVM Image SLES15-SP3-SAPCAL-GCE SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 libexpat1-2.2.5-150000.3.30.1 expat-2.2.5-150000.3.30.1 libexpat-devel-2.2.5-150000.3.30.1 libexpat-devel-32bit-2.2.5-150000.3.30.1 libexpat-devel-64bit-2.2.5-150000.3.30.1 libexpat1-32bit-2.2.5-150000.3.30.1 libexpat1-64bit-2.2.5-150000.3.30.1 libexpat1-2.2.5-150000.3.30.1 as a component of Container suse/sle-micro-rancher/5.2:latest libexpat1-2.2.5-150000.3.30.1 as a component of Container suse/sle-micro/5.1/toolbox:latest libexpat1-2.2.5-150000.3.30.1 as a component of Container suse/sle-micro/5.2/toolbox:latest libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-BYOS-Azure libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-BYOS-EC2-HVM libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-BYOS-GCE libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-HPC-BYOS-Azure libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-HPC-BYOS-EC2-HVM libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-HPC-BYOS-GCE libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-Azure libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-GCE libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-Azure libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-GCE expat-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production expat-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production expat-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-BYOS-Azure libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-BYOS-Azure expat-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-BYOS-EC2-HVM libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-BYOS-EC2-HVM expat-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-BYOS-GCE libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAP-BYOS-GCE expat-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-Azure libexpat-devel-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-Azure libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-Azure expat-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM libexpat-devel-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM expat-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-GCE libexpat-devel-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-GCE libexpat1-2.2.5-150000.3.30.1 as a component of Image SLES15-SP3-SAPCAL-GCE libexpat1-2.2.5-150000.3.30.1 as a component of SUSE Linux Enterprise Micro 5.1 libexpat1-2.2.5-150000.3.30.1 as a component of SUSE Linux Enterprise Micro 5.2 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVE-2024-45490 Container suse/sle-micro-rancher/5.2:latest:libexpat1-2.2.5-150000.3.30.1 Container suse/sle-micro/5.1/toolbox:latest:libexpat1-2.2.5-150000.3.30.1 Container suse/sle-micro/5.2/toolbox:latest:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-Azure:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-GCE:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:libexpat1-2.2.5-150000.3.30.1 SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.30.1 SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243515-1/ https://www.suse.com/security/cve/CVE-2024-45490.html CVE-2024-45490 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVE-2024-45491 Container suse/sle-micro-rancher/5.2:latest:libexpat1-2.2.5-150000.3.30.1 Container suse/sle-micro/5.1/toolbox:latest:libexpat1-2.2.5-150000.3.30.1 Container suse/sle-micro/5.2/toolbox:latest:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-Azure:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-GCE:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:libexpat1-2.2.5-150000.3.30.1 SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.30.1 SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243515-1/ https://www.suse.com/security/cve/CVE-2024-45491.html CVE-2024-45491 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 https://bugzilla.suse.com/1229931 SUSE Bug 1229931 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVE-2024-45492 Container suse/sle-micro-rancher/5.2:latest:libexpat1-2.2.5-150000.3.30.1 Container suse/sle-micro/5.1/toolbox:latest:libexpat1-2.2.5-150000.3.30.1 Container suse/sle-micro/5.2/toolbox:latest:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-HPC-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-Azure:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-GCE:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAP-BYOS-GCE:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-Azure:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libexpat1-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:expat-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:libexpat-devel-2.2.5-150000.3.30.1 Image SLES15-SP3-SAPCAL-GCE:libexpat1-2.2.5-150000.3.30.1 SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.30.1 SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243515-1/ https://www.suse.com/security/cve/CVE-2024-45492.html CVE-2024-45492 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 https://bugzilla.suse.com/1229932 SUSE Bug 1229932