ID

VAR-202202-0114

CVE

CVE-2022-25236

TITLE

Expat  Vulnerability in leaking resources to the wrong area in

DESCRIPTION

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Expat ( alias libexpat) Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a security vulnerability before Expat2.4.5, which can be exploited by an attacker to insert a namespace separator into a namespace URI. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2059996 - read_lines_limit needs to be adjusted according to the setting of buffer_chunk_size 2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5085-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 Debian Bug : 1005894 1005895 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3. For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2. We recommend that you upgrade your expat packages. For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N Z0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E D3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK F50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9 /+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8 pBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX Olq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv TCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff JvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV tL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau mxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E= =MVQQ -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5320-1 March 10, 2022 expat vulnerabilities and regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues and a regression were fixed in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315) Original advisory details: It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: libexpat1 2.4.1-2ubuntu0.3 Ubuntu 20.04 LTS: libexpat1 2.2.9-1ubuntu0.4 Ubuntu 18.04 LTS: libexpat1 2.2.5-3ubuntu0.7 Ubuntu 16.04 ESM: lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5 libexpat1 2.1.0-7ubuntu0.16.04.5+esm5 Ubuntu 14.04 ESM: lib64expat1 2.1.0-4ubuntu1.4+esm6 libexpat1 2.1.0-4ubuntu1.4+esm6 In general, a standard system update will make all the necessary changes. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409) 4. Description: Expat is a C library for parsing XML documents. 8) - aarch64, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2022:0850-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0850 Issue date: 2022-03-14 CVE Names: CVE-2022-0566 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): * Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) * Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * Mozilla: Use-after-free in text reflows (CVE-2022-26381) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383) * Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384) * Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387) * thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) * Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2055591 - CVE-2022-0566 thunderbird: Crafted email could trigger an out-of-bounds write 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: thunderbird-91.7.0-2.el7_9.src.rpm x86_64: thunderbird-91.7.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): Source: thunderbird-91.7.0-2.el7_9.src.rpm ppc64le: thunderbird-91.7.0-2.el7_9.ppc64le.rpm thunderbird-debuginfo-91.7.0-2.el7_9.ppc64le.rpm x86_64: thunderbird-91.7.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: thunderbird-91.7.0-2.el7_9.src.rpm x86_64: thunderbird-91.7.0-2.el7_9.x86_64.rpm thunderbird-debuginfo-91.7.0-2.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-0566 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYi9as9zjgjWX9erEAQi0VA/8DmqELriNmt2kTcKBgMz/PkowFKQVVLE9 Z4xLkVnFBjSYiHsyXBwFlNBJPK1ywvizchEFsj3hkv7+05xJTGLjrvyEaGquYv36 ol+Yrq5hzVATmfC9AivXQLew4+10cqBX5Hl/KoxIsLmn1k+7K0OV5PUo41WaYIYn znNLekFIYpWBe6HmqEs7eErS9TGR6t91o/4iUd2p4LgxEMmJhcZ32clA0k2sWQoC t96wqwaFdYo7SWekWEIsjLu9TjXCZ2QITzxA1gQG0ZymWuaOhpSCoaeu7O3KGy9E j9D5UhAGmWxSWiSMJ2+AP4E4t4CXJ5poE9+T3hgsevt9Lr24Cr9QK77w6/gxpLpj /zuR86oImk/FcnTBE+EY5TNgpPusbMQXZHD0OfmxRqO3TZn8n0mURRBgxkJJPpkb AJX93daJu2FQyRQBRi/WQKbBpi8VKZpmdVIP8i/ZujiKWDzYuwnij4o0/JOTnH5P agTu9G32WnAemVXUK6IlNZamM6IODof4uY7L1A1AtQkpDSzIQ5PpHbxEgtp0NqDO tTBogkwaB3Mkvme2fZ6wu2ALaaJuhnDrA332gITVz9tQ6TJL/M3Z1f0X4007yTSH uPebIvMc7O15OJL1AI7U29MitAXTDqkWoSP8ECMli7w1Ro3cBr/VNQicmkZZyJ3h A8Mb2SG3B+I= =7pc/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, ppc64le, x86_64 3

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

overflow, code execution

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-02-07T22:16:36.133000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE