ID

VAR-202202-0101

CVE

CVE-2022-25314

TITLE

Red Hat Security Advisory 2022-5909-01

DESCRIPTION

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/. Security fixes: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630 golang: io/fs: stack exhaustion in Glob * CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working * CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 3. Bugs fixed (https://bugzilla.redhat.com/): 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ACS 3.71 enhancement and security update Advisory ID: RHSA-2022:5704-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2022:5704 Issue date: 2022-07-25 CVE Names: CVE-2021-40528 CVE-2022-1621 CVE-2022-1629 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29173 CVE-2022-29824 ==================================================================== 1. Summary: Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Release of ACS 3.71 provides these changes: Security Fix(es): * go-tuf: No protection against rollback attacks for roles other than root (CVE-2022-29173) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. New Features: * New RHACS dashboard and widgets * New default policy for privilege escalation: detects if a deployment is running with a container that has allowPrivilegeEscalation set to true. This policy is enabled by default. The privilege escalation setting is enabled in Kubernetes pods by default. * New default policy for externally exposed service: detects if a deployment has any service that is externally exposed through any methods. The policy is disabled by default. * Ability to assign multiple RHACS roles to users and groups: Allows you to assign multiple roles using key-value pairs to a single user or group. * List of network policies in Deployment tab for violations: A new information section has been added to help resolve a "missing Kubernetes network policy" violation that lists all the Kubernetes network policies applicable to the namespace of the offending deployment. * Alpine 3.16 support for Scanner Enhancements: * Change to roxctl image scan behavior: The default value for the - --include-snoozed option of the roxctl image scan command is set to false. If the --include-snoozed option is set to false, the scan does not include snoozed CVEs. * Diagnostic bundles update: These now include notifiers, auth providers and auth provider groups, access control roles with attached permission set and access scope, and system configuration information. Users with the DebugLogs permission can read listed entities from a generated diagnostic bundle regardless of their respective permissions. * Align OCP4-CIS scanning benchmarks control numbers: The CIS control number has been added to compliance scan results to enable customers to reference the original control from the CIS benchmark standard. Notable technical changes: * eBPF is now the default collection method: Updated the default collection method for Collector to eBPF. Deprecated features: * RenamePolicyCategory and DeletePolicyCategory API endpoints * Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User, Indicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken, BackupPlugins, ImageIntegration, Notifier, SignatureIntegration, ImageComponent * Retrieving groups by property * vulns fields of storage.Node object in response payload of v1/nodes * /v1/cves/suppress and /v1/cves/unsuppress Removed features: * Anchore, Tenable, and Docker Trusted Registry integrations * External authorization plug-in for scoped access control * FROM option in the Disallowed Dockerfile line policy field * PodSecurityPolicy (PSP) Kubernetes objects 3. Solution: To take advantage of the new features, bug fixes, and enhancements in RHACS 3.71 you are advised to upgrade to RHACS 3.71.0. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2082400 - CVE-2022-29173 go-tuf: No protection against rollback attacks for roles other than root 5. JIRA issues fixed (https://issues.jboss.org/): ROX-11898 - Release RHACS 3.71.0 6. References: https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-29173 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuFju9zjgjWX9erEAQiWQw/+OGMhyOtp3q6Ypqpl1hEi3YCkXQOsdzmR V/2ULky7w4rO8xA9u8hZjDtrsxhHmY3PSYv2fRxLAX87d0FJEoUOGJ7JEQT+L+VF 08Zqzz+CRUVBubN27UKdMb8nAZ0S083XleTGd0u/gLTvdejRsfsNvfs+rlOSxv1c mlChC8HXlVg5UH6OAEspZ2P02AZdCgHCnlO5qHQT7BGeFPko4KMXAFf9Hddawffc F9nEC2jDlQ+KXFPTFWIcXnrCE89kQa32QFnks7Tt1RAgG+y2+xJj46LBU/nFeOpJ iu7eLDeKPn4WkmDsLaKIYDtpxXydJhRodnPukQHp4Jxik9HwEwl4L5F4p7bznM6P 6KsihRVrRxfhmHmjm7k43m9u9rNpeey6nrjAKEsZT5wOuNfpgtVAkBrN1fJ4X+tD wEbCeeEXZX1LL2kd8DsUD5Qw4Zs+uaqMqKtuqm9neiEpVOS9/Ktc6hTtt+Cw5l8u XS6NMQZeVl+bTkN6kVzVjSRl2hA5/VWL2Jd9cLjxp3jiIBLpiYZ1Usg8dt0FLgFe 3mQvD7GUMl7nrE4BEF/pwk1tRcEtzZfta5PpqyW2lYX6KXXgwibDND7xv7QXV8GP 2RdFbZC8K+XGCSf/RiD77cH/Uojpto9NnGfnhO3rMeVGnTbUQx57+QEqJLWHfLVQ +tIPRnmepo8=I5j4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security fix: * CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS Bug fixes: * Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856) * RHACM 2.3.12 images (BZ# 2101411) 3. Bugs fixed (https://bugzilla.redhat.com/): 2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5085-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 Debian Bug : 1005894 1005895 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3. For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2. We recommend that you upgrade your expat packages. For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N Z0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E D3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK F50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9 /+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8 pBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX Olq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv TCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff JvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV tL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau mxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E= =MVQQ -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5320-1 March 10, 2022 expat vulnerabilities and regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues and a regression were fixed in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315) Original advisory details: It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: libexpat1 2.4.1-2ubuntu0.3 Ubuntu 20.04 LTS: libexpat1 2.2.9-1ubuntu0.4 Ubuntu 18.04 LTS: libexpat1 2.2.5-3ubuntu0.7 Ubuntu 16.04 ESM: lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5 libexpat1 2.1.0-7ubuntu0.16.04.5+esm5 Ubuntu 14.04 ESM: lib64expat1 2.1.0-4ubuntu1.4+esm6 libexpat1 2.1.0-4ubuntu1.4+esm6 In general, a standard system update will make all the necessary changes. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: Expat is a C library for parsing XML documents. Package List: Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

arbitrary

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-06-26T20:12:10.205000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE