ID

VAR-202202-0050

CVE

CVE-2022-25235

TITLE

Expat  Encoding and escaping vulnerabilities in

DESCRIPTION

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Expat ( alias libexpat) Exists in encoding and escaping vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Expat is a fast streaming XML parser written in C. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2059996 - read_lines_limit needs to be adjusted according to the setting of buffer_chunk_size 2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Background ========= Expat is a set of XML parsing libraries. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.4.9 >= 2.4.9 Description ========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9" References ========= [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . For more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 6. Summary: The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page 5. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Bugs fixed (https://bugzilla.redhat.com/): 2055591 - CVE-2022-0566 thunderbird: Crafted email could trigger an out-of-bounds write 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: xmlrpc-c security update Advisory ID: RHSA-2022:1540-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1540 Issue date: 2022-04-26 CVE Names: CVE-2022-25235 ===================================================================== 1. Summary: An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: xmlrpc-c-1.51.0-5.el8_2.1.src.rpm aarch64: xmlrpc-c-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.aarch64.rpm ppc64le: xmlrpc-c-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.ppc64le.rpm s390x: xmlrpc-c-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.s390x.rpm x86_64: xmlrpc-c-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.aarch64.rpm ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.ppc64le.rpm s390x: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.s390x.rpm x86_64: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmga9tzjgjWX9erEAQiBNg/9GM5tS+fh5NKoFDWH6r0YxnVsL2IPedN1 AV1KYGoJsAPU1z0MtZixPj5dNxKqcSomgl7GpLO4jkOKMhHktCipVS5tOzpGspY5 nAUKk5ANRH7AeQUJAnP0IaO28cVVerLZvk/ZxA5XcXCcdM8WofjQ8aXKk69T6ctX rKWR9Xw7MpOXxpV9xu2t+eU4MGeuONfqNclUYolUFpYv6JrPdzLCWmXNixCQGAPW D9d2gbLt80L+Z5JkBzZWSkSpItrQs3BD6wcgQIFxl7tgbOlsgo4H7qX4N4g1QgL+ 1V4E+fxlhnAg0vL4g7RG+GkfEesjJXEiUWFbd02beqWy4+G2B1GEYdH0HCp5NffH Y1RRz2hmaOh4QRBNnpvLQvKazqyGrLnk8bAQQIiYjNqceqR4IKYSMYlsHes7v1MJ 7/k6EKs3FrXlcJWpjwNXt2xHWw5Py9rIrlEMiS4ag0tbAhFPscs0TkFeAPCxSVtr oZRTOhwv/wHUb57/V9xMDr6POK5rLB3I2mb8L61169/ph+BM4NIziaDfr4q/5nvx oqWuxe99Q1GTX6+AoeGlZLkp4GY11/tRT+ZaLvNqsWZV98FUeJcXJAh/X0qaYcuF xAI5xHHv56GPOqGMwxEZO17TxeA35WDLvsYjM3mVfLblWsM4FGjKVBdqMBR9o0rn SA1L555kQjg= =Cvpq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

code execution

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-11-23T20:14:03.138000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE