Test ID:	1.3.6.1.4.1.25623.1.0.845249
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5288-1)
Summary:	The remote host is missing an update for the 'expat' package(s) announced via the USN-5288-1 advisory.
Description:	Summary: The remote host is missing an update for the 'expat' package(s) announced via the USN-5288-1 advisory. Vulnerability Insight: It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Affected Software/OS: 'expat' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-45960 Debian Security Information: DSA-5073 (Google Search) https://www.debian.org/security/2022/dsa-5073 https://security.gentoo.org/glsa/202209-24 https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 https://github.com/libexpat/libexpat/issues/531 https://github.com/libexpat/libexpat/pull/534 http://www.openwall.com/lists/oss-security/2022/01/17/3 Common Vulnerability Exposure (CVE) ID: CVE-2021-46143 https://github.com/libexpat/libexpat/issues/532 https://github.com/libexpat/libexpat/pull/538 Common Vulnerability Exposure (CVE) ID: CVE-2022-22822 https://github.com/libexpat/libexpat/pull/539 Common Vulnerability Exposure (CVE) ID: CVE-2022-22823 Common Vulnerability Exposure (CVE) ID: CVE-2022-22824 Common Vulnerability Exposure (CVE) ID: CVE-2022-22825 Common Vulnerability Exposure (CVE) ID: CVE-2022-22826 Common Vulnerability Exposure (CVE) ID: CVE-2022-22827 Common Vulnerability Exposure (CVE) ID: CVE-2022-23852 https://security.netapp.com/advisory/ntap-20220217-0001/ https://www.tenable.com/security/tns-2022-05 https://github.com/libexpat/libexpat/pull/550 https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2022-23990 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/ https://github.com/libexpat/libexpat/pull/551 Common Vulnerability Exposure (CVE) ID: CVE-2022-25235 https://security.netapp.com/advisory/ntap-20220303-0008/ Debian Security Information: DSA-5085 (Google Search) https://www.debian.org/security/2022/dsa-5085 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/ https://github.com/libexpat/libexpat/pull/562 http://www.openwall.com/lists/oss-security/2022/02/19/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-25236 http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html https://github.com/libexpat/libexpat/pull/561
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.