ID

VAR-202202-0114


CVE

CVE-2022-25236


TITLE

Red Hat Security Advisory 2022-1622-01

Trust: 0.1

sources: PACKETSTORM: 166954

DESCRIPTION

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. There is a security vulnerability before Expat 2.4.5, which can be exploited by an attacker to insert a namespace separator into a namespace URI.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2059996 - read_lines_limit needs to be adjusted according to the setting of buffer_chunk_size
2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty

5. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
2000478 - Using deprecated 1.25 API calls
2022742 - NNCP creation fails when node of a cluster is unavailable
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2028619 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+
2029359 - NodeNetworkConfigurationPolicy refreshes all the conditions even if the policy has not gone to that state
2032837 - Add/remove label to priority class are not reconciled properly left HCO in Unknown status.
2033385 - Bug in kubernetes labels that are attached to the CNV logs
2038814 - [CNV-4.10-rhel9] hyperconverged-cluster-cli-download pod CrashLoopBackOff state
2039019 - Fix Top consumers dashboard
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2046686 - Importer pod keeps in retarting when dataimportcron has a reference to invalid image sha
2049990 - must-gather: must-gather is logging errors about upstream only namespaces
2053390 - No DataImportCron for CentOS 7
2054778 - PVC created with filesystem volume mode in some cases, instead of block volume mode
2054782 - DataImportCron status does not show failure when failing to create dataSource
2055304 - [4.10.z] nmstate interprets interface names as float64 and subsequently crashes on state update
2055950 - cnv installation should set empty node selector for openshift-cnv namespace
2056421 - non-privileged user cannot add disk as it cannot update resource "virtualmachines/addvolume"
2056464 - nmstate-webhook pods getting scheduled on the same node
2056619 - [4.10.z] kubemacpool-mac-controller-manager not ready
2057142 - CDI aggregate roles missing some types
2057148 - Cross namespace smart clone may get stuck in NamespaceTransferInProgress phase
2057613 - nmpolicy capture - race condition when appying teardown nncp; nnce fails
2059185 - must-gather: Must-gather gather_vms_details is not working when used with a list of vms
2059613 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs
2062227 - sriovLiveMigration should not be enabled on sno clusters
2062321 - when update attempt of hco.spec with storage classes failed, csv git stuck in installing state
2063991 - On upgraded cluster, "v2v-vmware" is present under hco.status.relatedObject
2065308 - CNV disables LiveMigration FG, but leaves LiveMigration workloadUpdateStrategy enabled
2065743 - 4.10.1 containers
2065755 - 4.10.1 rpms
2066086 - DataImportCrons do not automatically recover from unconfigured default storage class
2066712 - [4.10.z] Migration of vm from VMware reports pvc not large enough
2069055 - [4.10.z] On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop
2070050 - [4.10.1] Custom guest PCI address and boot order parameters are not respected in a list of multiple SR-IOV NICs
2073880 - Cannot create VM on SNO cluster as live migration feature is not enabled
2077920 - Migration in sequence can be reported as failed even when it succeeded
2078878 - SSP: Common templates fix to pick right templates

5.

==========================================================================
Ubuntu Security Notice USN-5320-1
March 10, 2022

expat vulnerabilities and regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues and a regression were fixed in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities.

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313)

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315)

Original advisory details:

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  libexpat1 2.4.1-2ubuntu0.3

Ubuntu 20.04 LTS:
  libexpat1 2.2.9-1ubuntu0.4

Ubuntu 18.04 LTS:
  libexpat1 2.2.5-3ubuntu0.7

Ubuntu 16.04 ESM:
  lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5
  libexpat1 2.1.0-7ubuntu0.16.04.5+esm5

Ubuntu 14.04 ESM:
  lib64expat1 2.1.0-4ubuntu1.4+esm6
  libexpat1 2.1.0-4ubuntu1.4+esm6

In general, a standard system update will make all the necessary changes.

Bugs fixed (https://bugzilla.redhat.com/):

2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files
2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files
2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

5.

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2
Advisory ID: RHSA-2022:1053-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1053
Issue date: 2022-03-24
CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315
====================================================================

1. Summary:

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64

3. Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Red Hat Virtualization Host was rebased on Red Hat Enterprise Linux 8.5.0.3. (BZ#2048407)
* Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40 Highlights and important bug fixes: consume libvirt fix for failure to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by too many open files from libvirtd. (BZ#2057048)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

2034626 - Upgrade elfutils to elfutils-0.185-1.el8
2048407 - Rebase RHV-H 4.4.10 on RHEL 8.5.0.3
2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()
2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
2057048 - consume libvirt fix for: Failed to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by Too many open files from libvirtd

6. Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:
  elfutils-0.185-1.el8.src.rpm
  redhat-virtualization-host-4.4.10-202203211649_8.5.src.rpm

x86_64:
  elfutils-debuginfo-0.185-1.el8.x86_64.rpm
  elfutils-debuginfod-client-0.185-1.el8.x86_64.rpm
  elfutils-debuginfod-client-debuginfo-0.185-1.el8.x86_64.rpm
  elfutils-debuginfod-debuginfo-0.185-1.el8.x86_64.rpm
  elfutils-debugsource-0.185-1.el8.x86_64.rpm
  elfutils-devel-0.185-1.el8.x86_64.rpm
  elfutils-libelf-debuginfo-0.185-1.el8.x86_64.rpm
  elfutils-libs-debuginfo-0.185-1.el8.x86_64.rpm
  redhat-virtualization-host-image-update-4.4.10-202203211649_8.5.x86_64.rpm

RHEL 8-based RHEV-H for RHEV 4 (build requirements):

Source:
  redhat-release-virtualization-host-4.4.10-3.el8ev.src.rpm

noarch:
  redhat-virtualization-host-image-update-placeholder-4.4.10-3.el8ev.noarch.rpm

x86_64:
  redhat-release-virtualization-host-4.4.10-3.el8ev.x86_64.rpm
  redhat-release-virtualization-host-content-4.4.10-3.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

8) - aarch64, ppc64le, s390x, x86_64

3.

8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.7.0.

8.2) - aarch64, ppc64le, x86_64

3. Description:

Expat is a C library for parsing XML documents

Trust: 1.89

sources: NVD: CVE-2022-25236 // VULHUB: VHN-415127 // PACKETSTORM: 166954 // PACKETSTORM: 167226 // PACKETSTORM: 166254 // PACKETSTORM: 166433 // PACKETSTORM: 166453 // PACKETSTORM: 169540 // PACKETSTORM: 166298 // PACKETSTORM: 166296 // PACKETSTORM: 166300 // PACKETSTORM: 166348

AFFECTED PRODUCTS

vendor: oracle // model: http server // scope: eq // version: 12.2.1.4.0

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 10.0

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 11.0

Trust: 1.0

vendor: oracle // model: zfs storage appliance kit // scope: eq // version: 8.8

Trust: 1.0

vendor: libexpat // model: libexpat // scope: lt // version: 2.4.5

Trust: 1.0

vendor: siemens // model: sinema remote connect server // scope: lt // version: 3.1

Trust: 1.0

vendor: oracle // model: http server // scope: eq // version: 12.2.1.3.0

Trust: 1.0

sources: NVD: CVE-2022-25236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25236
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-25236
value: CRITICAL

Trust: 1.0

VULHUB: VHN-415127
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-25236
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-415127
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-25236
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-415127 // NVD: CVE-2022-25236 // NVD: CVE-2022-25236

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

sources: VULHUB: VHN-415127 // NVD: CVE-2022-25236

TYPE

overflow, code execution

Trust: 0.6

sources: PACKETSTORM: 166453 // PACKETSTORM: 169540 // PACKETSTORM: 166298 // PACKETSTORM: 166296 // PACKETSTORM: 166300 // PACKETSTORM: 166348

EXTERNAL IDS

db: NVD // id: CVE-2022-25236

Trust: 2.1

db: PACKETSTORM // id: 167238

Trust: 1.1

db: SIEMENS // id: SSA-484086

Trust: 1.1

db: OPENWALL // id: OSS-SECURITY/2022/02/19/1

Trust: 1.1

db: PACKETSTORM // id: 167226

Trust: 0.2

db: PACKETSTORM // id: 166433

Trust: 0.2

db: PACKETSTORM // id: 166296

Trust: 0.2

db: PACKETSTORM // id: 166453

Trust: 0.2

db: PACKETSTORM // id: 166254

Trust: 0.2

db: PACKETSTORM // id: 166954

Trust: 0.2

db: PACKETSTORM // id: 166298

Trust: 0.2

db: PACKETSTORM // id: 166348

Trust: 0.2

db: PACKETSTORM // id: 166300

Trust: 0.2

db: PACKETSTORM // id: 166277

Trust: 0.1

db: PACKETSTORM // id: 166293

Trust: 0.1

db: PACKETSTORM // id: 166276

Trust: 0.1

db: PACKETSTORM // id: 166505

Trust: 0.1

db: PACKETSTORM // id: 166500

Trust: 0.1

db: PACKETSTORM // id: 166496

Trust: 0.1

db: PACKETSTORM // id: 166983

Trust: 0.1

db: PACKETSTORM // id: 166261

Trust: 0.1

db: PACKETSTORM // id: 166275

Trust: 0.1

db: PACKETSTORM // id: 169777

Trust: 0.1

db: PACKETSTORM // id: 166291

Trust: 0.1

db: PACKETSTORM // id: 166437

Trust: 0.1

db: PACKETSTORM // id: 166414

Trust: 0.1

db: PACKETSTORM // id: 168578

Trust: 0.1

db: PACKETSTORM // id: 166274

Trust: 0.1

db: CNVD // id: CNVD-2022-18357

Trust: 0.1

db: VULHUB // id: VHN-415127

Trust: 0.1

db: PACKETSTORM // id: 169540

Trust: 0.1

sources: VULHUB: VHN-415127 // PACKETSTORM: 166954 // PACKETSTORM: 167226 // PACKETSTORM: 166254 // PACKETSTORM: 166433 // PACKETSTORM: 166453 // PACKETSTORM: 169540 // PACKETSTORM: 166298 // PACKETSTORM: 166296 // PACKETSTORM: 166300 // PACKETSTORM: 166348 // NVD: CVE-2022-25236

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20220303-0008/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5085

Trust: 1.1

url:https://security.gentoo.org/glsa/202209-24

Trust: 1.1

url:http://packetstormsecurity.com/files/167238/zoom-xmpp-stanza-smuggling-remote-code-execution.html

Trust: 1.1

url:https://github.com/libexpat/libexpat/pull/561

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2022/02/19/1

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.9

url:https://bugzilla.redhat.com/

Trust: 0.9

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.8

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-26485

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-26386

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0566

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-26387

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26386

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26383

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26486

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26387

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26381

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-26384

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-26383

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26485

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-26486

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26384

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-0566

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-26381

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8649

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25182

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25173

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25181

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21476

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25184

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8647

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25175

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25176

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25176

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8649

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25174

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21496

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21496

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0711

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25175

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1622

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25179

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8647

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21443

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25179

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21476

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25174

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25183

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2022:1621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4668

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/expat/2.4.1-2ubuntu0.3

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5320-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.4

Trust: 0.1

url:https://launchpad.net/bugs/1963903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1041

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24731

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1053

Trust: 0.1

url:https://access.redhat.com/articles/2974891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23990

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0845

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0847

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0843

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0951

Trust: 0.1

sources: VULHUB: VHN-415127 // PACKETSTORM: 166954 // PACKETSTORM: 167226 // PACKETSTORM: 166254 // PACKETSTORM: 166433 // PACKETSTORM: 166453 // PACKETSTORM: 169540 // PACKETSTORM: 166298 // PACKETSTORM: 166296 // PACKETSTORM: 166300 // PACKETSTORM: 166348 // NVD: CVE-2022-25236

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 166954 // PACKETSTORM: 167226 // PACKETSTORM: 166433 // PACKETSTORM: 166453 // PACKETSTORM: 169540 // PACKETSTORM: 166298 // PACKETSTORM: 166296 // PACKETSTORM: 166300 // PACKETSTORM: 166348

SOURCES

db: VULHUB // id: VHN-415127
db: PACKETSTORM // id: 166954
db: PACKETSTORM // id: 167226
db: PACKETSTORM // id: 166254
db: PACKETSTORM // id: 166433
db: PACKETSTORM // id: 166453
db: PACKETSTORM // id: 169540
db: PACKETSTORM // id: 166298
db: PACKETSTORM // id: 166296
db: PACKETSTORM // id: 166300
db: PACKETSTORM // id: 166348
db: NVD // id: CVE-2022-25236

LAST UPDATE DATE

2026-04-08T21:49:13.325000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-415127 // date: 2022-10-07T00:00:00
db: NVD // id: CVE-2022-25236 // date: 2025-05-05T17:18:01.050

SOURCES RELEASE DATE

db: VULHUB // id: VHN-415127 // date: 2022-02-16T00:00:00
db: PACKETSTORM // id: 166954 // date: 2022-05-04T21:42:33
db: PACKETSTORM // id: 167226 // date: 2022-05-19T15:53:21
db: PACKETSTORM // id: 166254 // date: 2022-03-10T17:14:11
db: PACKETSTORM // id: 166433 // date: 2022-03-24T14:36:50
db: PACKETSTORM // id: 166453 // date: 2022-03-25T15:19:32
db: PACKETSTORM // id: 169540 // date: 2022-10-27T13:05:19
db: PACKETSTORM // id: 166298 // date: 2022-03-14T18:51:13
db: PACKETSTORM // id: 166296 // date: 2022-03-14T18:49:48
db: PACKETSTORM // id: 166300 // date: 2022-03-14T18:55:46
db: PACKETSTORM // id: 166348 // date: 2022-03-17T15:51:32
db: NVD // id: CVE-2022-25236 // date: 2022-02-16T01:15:07.650