ID

VAR-202202-0114

CVE

CVE-2022-25236

TITLE

Expat Input validation error vulnerability

DESCRIPTION

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. There is a security vulnerability before Expat2.4.5, which can be exploited by an attacker to insert a namespace separator into a namespace URI. For more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 6. Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the containers for the release. Bugs fixed (https://bugzilla.redhat.com/): 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2066009 - CVE-2021-44906 minimist: prototype pollution 2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery 2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery 2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure 5. JIRA issues fixed (https://issues.jboss.org/): OSSM-1435 - Container release for Maistra 2.1.2.1 6. This update provides security fixes, bug fixes, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Related bugs: * RHACM 2.4.3 image files (BZ #2057249) * Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128) * ACM application placement fails after renaming the application name (BZ #2033051) * Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197) * Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820) * The value of name label changed from clusterclaim name to cluster name (BZ #2042223) * VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500) * clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211) * Application cluster status is not updated in UI after restoring (BZ #2053279) * OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610) * The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039) * Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954) * Placementrule is not reconciling on a new fresh environment (BZ #2074156) * The cluster claimed from clusterpool cannot auto imported (BZ #2074543) 3. Bugs fixed (https://bugzilla.redhat.com/): 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported 5. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: mingw-expat security update Advisory ID: RHSA-2022:7811-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7811 Issue date: 2022-11-08 CVE Names: CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary: An update for mingw-expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - noarch 3. Description: Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127) Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * expat: Stack exhaustion in doctype parsing (CVE-2022-25313) * expat: Integer overflow in copyString() (CVE-2022-25314) * expat: Integer overflow in the doProlog function (CVE-2022-23990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function 2056350 - CVE-2022-25313 expat: Stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: Integer overflow in copyString() 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 6. Package List: Red Hat CodeReady Linux Builder (v. 8): Source: mingw-expat-2.4.8-1.el8.src.rpm noarch: mingw32-expat-2.4.8-1.el8.noarch.rpm mingw32-expat-debuginfo-2.4.8-1.el8.noarch.rpm mingw64-expat-2.4.8-1.el8.noarch.rpm mingw64-expat-debuginfo-2.4.8-1.el8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2pSN9zjgjWX9erEAQiUug//S0FwujIXoFODWtJgEPijbfoA28JgVjcz lRdWl0wmXyMSlFkkBVIrOeGgxM4oLUpAwOdOPWIzb/M29xEfo4h3e8lHlwAwqklO lQcv663dY57lHRfbKgunlYWKTZ4+3kZbziZB/Zv58rw6bPDQ/wE96urY3/O0m1ct Dkk3j4zKiAnIFKWEvUHCwui7tOeUHXNAasCXifYoePimf9+lgta+pnYf86parIBg D3afd0S6meUnLqW6EtD0WTJPh6eztjDFEJ/9LKpXo2SL8FAYTrI9yfGQJNsHkGc4 9NaAd3QeBKoGqcg/qBdb9FfwQqHZJGot4BtTui8/E5xnUg3F+/1PuMGxtQ4jI6X9 ey6sWsUKCXMdlhv3TxAs/LFTR1cnkT7heEag/f58eo/W8VBow09k7cs3iktrNd+M 4REv3cfyJ+kFAfA6N6plHb27lFP0aTMveH7FYiWpFGqPH15u3NFcPdsk8qijv4WZ sREJ6LgDknk80Rmla2td+l3Vo4iTCWEL7gvoY9uhzWCbuMvj1SSk5rOqVXtOEvuF 8MpPM+xShIgGbYrFPxeMjYF16p+FxYVDcapSGrIORksAKOunAWDOHmZf+jR7iCMX ts3y9wxwNBObMK+Jr+ApYRohz9obamvxjlwBwXSWJ6xlsFyu5Y3e6IzSm/EJpK1i f25ydDFruA4=jL/2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. 8.1) - ppc64le, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation error

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-08-11T20:28:01.061000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE