USN-5638-1 fixed a vulnerability in Expat. This update provides
the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43680)
This update also fixes a minor regression introduced in
Ubuntu 18.04 LTS.
We apologize for the inconvenience.
Original advisory details:
Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.
It was discovered that APR-util did not properly handle memory when using
SDBM database files. A local attacker with write access to the database
can make a program or process using these functions crash, and cause a
denial of service.
A potential bug is found on libetpan that when IMAP client receives invalid STATUS response, an invalid free can occur on mailimap_mailbox_data_status_free(). This bug is now assigned as CVE-2022-4121. Although the formal fix is under discussion, this update rpm adds a quick fix for this issue.
