-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3224
                           expat security update
                                2 July 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           expat
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-25313 CVE-2022-25314

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2022:5244

Comment: CVSS (Max):  7.5 CVE-2022-25314 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: expat security update
Advisory ID:       RHSA-2022:5244-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5244
Issue date:        2022-06-28
CVE Names:         CVE-2022-25313 CVE-2022-25314 
=====================================================================

1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: stack exhaustion in doctype parsing (CVE-2022-25313)

* expat: integer overflow in copyString() (CVE-2022-25314)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
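The following Python example is added here; it is not code from Red Hat, from the Expat project, or from the AusCERT bulletin. It uses Python's standard xml.parsers.expat module, which is a binding to libexpat (on Red Hat Enterprise Linux 9 that is the system library this advisory updates), to show a defense-in-depth measure that relates to the doctype-parsing issue: input that has no business carrying a DTD is rejected the moment expat reports the start of a DOCTYPE declaration, before any internal subset is parsed. It narrows exposure only for the doctype case, says nothing about the copyString() issue, and is no substitute for installing the update. The sample documents are constructed for the example.

```python
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when untrusted input carries a <!DOCTYPE ...> declaration."""


def expat_runtime_version() -> str:
    """Version string of the libexpat this interpreter is linked against,
    e.g. 'expat_2.4.1'. On RHEL 9 this is the library from the expat package,
    so it shows which build your Python processes actually loaded."""
    return xml.parsers.expat.EXPAT_VERSION


def parse_untrusted(data: bytes) -> dict:
    """Parse XML from an untrusted source, refusing any DOCTYPE declaration.

    Returns a small summary (root element name, element count) so callers can
    confirm the document was processed. Expat calls StartDoctypeDeclHandler at
    the start of the DOCTYPE declaration, before the internal or external
    subset is parsed, so raising here stops the parser before it walks any DTD.
    """
    parser = xml.parsers.expat.ParserCreate()
    summary = {"root": None, "elements": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # An exception raised inside a handler propagates out of Parse().
        raise DoctypeRejected(f"DOCTYPE {name!r} not permitted in untrusted input")

    def on_start(name, attrs):
        if summary["root"] is None:
            summary["root"] = name
        summary["elements"] += 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.Parse(data, True)
    return summary


def check(data: bytes) -> str:
    """Classify a document: 'ok' when parsed, 'rejected' when it carried a DOCTYPE."""
    try:
        parse_untrusted(data)
        return "ok"
    except DoctypeRejected:
        return "rejected"


# Constructed sample inputs (not taken from the advisory or from any report).
SAFE_DOC = b"<config><entry key='a'/><entry key='b'/></config>"
DOCTYPE_DOC = b"<!DOCTYPE config [<!ELEMENT config ANY>]><config/>"

if __name__ == "__main__":
    print("runtime library:", expat_runtime_version())
    for doc in (SAFE_DOC, DOCTYPE_DOC):
        print(doc[:40], "->", check(doc))
```

Rejecting the DOCTYPE up front is the right default for formats such as configuration files, API payloads and feeds that never legitimately declare a DTD; where a DTD is required, the update is the only fix and the parser should at least not be fed attacker-controlled documents.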

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library
must be restarted for the update to take effect.
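As an added example (not Red Hat's procedure or tooling), the Python below performs the two checks a practitioner wants after this advisory: that the installed expat package is at least the fixed build from the package list in section 6, and which running processes still have the pre-update libexpat mapped and therefore need a restart. It assumes the package carries no epoch, that `rpm -q --qf` output is `name-version-release`, and relies on the Linux kernel marking a mapped file that was replaced on disk with `(deleted)` in `/proc/<pid>/maps`. The version comparison is a simplified form of rpm's segment-wise rules; the sample maps content is constructed, not captured from a host.

```python
import os
import re
import subprocess

# Fixed build from the advisory's package list (section 6), architecture suffix dropped.
FIXED_NEVR = "expat-2.2.10-12.el9_0.2"


def _segments(s: str) -> list:
    """Split a version or release string the way rpmvercmp does (simplified):
    runs of digits compare numerically, runs of letters lexically, separators
    are ignored, and a numeric segment sorts after an alphabetic one."""
    return [(1, int(t)) if t.isdigit() else (0, t)
            for t in re.findall(r"\d+|[A-Za-z]+", s)]


def vercmp(a: str, b: str) -> int:
    """-1, 0 or 1 as a is older than, equal to, or newer than b."""
    sa, sb = _segments(a), _segments(b)
    return (sa > sb) - (sa < sb)


def split_nevr(nevr: str) -> tuple:
    """'expat-2.2.10-12.el9_0.2' -> ('expat', '2.2.10', '12.el9_0.2').
    Package names may contain '-', so split from the right. Assumes no epoch."""
    name, version, release = nevr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed: str, fixed: str = FIXED_NEVR) -> bool:
    """True when the installed build is the fixed build or a later one."""
    n1, v1, r1 = split_nevr(installed)
    n2, v2, r2 = split_nevr(fixed)
    if n1 != n2:
        raise ValueError(f"package mismatch: {n1} vs {n2}")
    c = vercmp(v1, v2) or vercmp(r1, r2)
    return c >= 0


def installed_nevr(package: str = "expat") -> str:
    """Ask rpm for the installed build (standard rpm query-format syntax)."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}", package],
        capture_output=True, text=True, check=True)
    return out.stdout.strip()


# A mapping whose backing file was replaced on disk is reported as "... (deleted)".
STALE_RE = re.compile(r"/libexpat\.so\.\S+ \(deleted\)$")


def stale_expat_pids(maps_by_pid: dict) -> list:
    """PIDs whose address space still holds a libexpat that was replaced on disk."""
    return sorted(pid for pid, maps in maps_by_pid.items()
                  if any(STALE_RE.search(line.rstrip()) for line in maps.splitlines()))


def read_all_maps() -> dict:
    """Collect /proc/<pid>/maps for every readable process (root sees all of them)."""
    result = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                with open(f"/proc/{entry}/maps") as fh:
                    result[int(entry)] = fh.read()
            except OSError:
                continue
    return result


# Constructed sample maps, two lines per process; pid 1203 loaded the library
# before the update, pid 1410 after it, pid 77 never loaded it.
SAMPLE_MAPS = {
    1203: "7f3c8a200000-7f3c8a22b000 r--p 00000000 fd:00 1234567 /usr/lib64/libexpat.so.1.6.12 (deleted)\n"
          "7f3c8a22b000-7f3c8a24c000 r-xp 0002b000 fd:00 1234567 /usr/lib64/libexpat.so.1.6.12 (deleted)\n",
    1410: "7f1100000000-7f110002b000 r--p 00000000 fd:00 1234999 /usr/lib64/libexpat.so.1.6.12\n"
          "7f110002b000-7f110004c000 r-xp 0002b000 fd:00 1234999 /usr/lib64/libexpat.so.1.6.12\n",
    77:   "5583e0a00000-5583e0a10000 r--p 00000000 fd:00 42 /usr/bin/sleep\n",
}

if __name__ == "__main__":
    nevr = installed_nevr()
    print(nevr, "fixed" if is_fixed(nevr) else "not fixed: apply RHSA-2022:5244")
    for pid in stale_expat_pids(read_all_maps()):
        print(f"pid {pid} still maps the old libexpat; restart it")
```

On a real host the `rpm.labelCompare` function from the python3-rpm package gives the exact comparison, including epoch and tilde handling; the simplified comparison above is sufficient for the version strings in this advisory. Processes that link expat statically or load it through another library (Python's own pyexpat, for instance) show up in the maps check only if they map the shared object, so services known to embed Expat should be restarted regardless.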

5. Bugs fixed (https://bugzilla.redhat.com/):

2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing
2056354 - CVE-2022-25314 expat: integer overflow in copyString()

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
expat-debuginfo-2.2.10-12.el9_0.2.aarch64.rpm
expat-debugsource-2.2.10-12.el9_0.2.aarch64.rpm
expat-devel-2.2.10-12.el9_0.2.aarch64.rpm

ppc64le:
expat-debuginfo-2.2.10-12.el9_0.2.ppc64le.rpm
expat-debugsource-2.2.10-12.el9_0.2.ppc64le.rpm
expat-devel-2.2.10-12.el9_0.2.ppc64le.rpm

s390x:
expat-debuginfo-2.2.10-12.el9_0.2.s390x.rpm
expat-debugsource-2.2.10-12.el9_0.2.s390x.rpm
expat-devel-2.2.10-12.el9_0.2.s390x.rpm

x86_64:
expat-debuginfo-2.2.10-12.el9_0.2.i686.rpm
expat-debuginfo-2.2.10-12.el9_0.2.x86_64.rpm
expat-debugsource-2.2.10-12.el9_0.2.i686.rpm
expat-debugsource-2.2.10-12.el9_0.2.x86_64.rpm
expat-devel-2.2.10-12.el9_0.2.i686.rpm
expat-devel-2.2.10-12.el9_0.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
expat-2.2.10-12.el9_0.2.src.rpm

aarch64:
expat-2.2.10-12.el9_0.2.aarch64.rpm
expat-debuginfo-2.2.10-12.el9_0.2.aarch64.rpm
expat-debugsource-2.2.10-12.el9_0.2.aarch64.rpm

ppc64le:
expat-2.2.10-12.el9_0.2.ppc64le.rpm
expat-debuginfo-2.2.10-12.el9_0.2.ppc64le.rpm
expat-debugsource-2.2.10-12.el9_0.2.ppc64le.rpm

s390x:
expat-2.2.10-12.el9_0.2.s390x.rpm
expat-debuginfo-2.2.10-12.el9_0.2.s390x.rpm
expat-debugsource-2.2.10-12.el9_0.2.s390x.rpm

x86_64:
expat-2.2.10-12.el9_0.2.i686.rpm
expat-2.2.10-12.el9_0.2.x86_64.rpm
expat-debuginfo-2.2.10-12.el9_0.2.i686.rpm
expat-debuginfo-2.2.10-12.el9_0.2.x86_64.rpm
expat-debugsource-2.2.10-12.el9_0.2.i686.rpm
expat-debugsource-2.2.10-12.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25313
https://access.redhat.com/security/cve/CVE-2022-25314
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYr6jyNzjgjWX9erEAQgJLRAAoVmyqE4rn7jkdGdGSAYul2o8FPyxaXqR
s+y3gIgEQCU6smafoEjBMGwL2AmHxZdsVVc+IxI8SsVK6MsPTGvaHLQaGHrKiDpP
pfds/XtRpf6VxF5CpxBF6VV88oruAwbm0GzWIP9kEa6FoXXUlQ9JkUJQYvKglWby
wpzmjijQXzBvCVGl5q9JZ0iJY3ksQedRNxnVvi6CoPLbUoUXTdj87uyyPD/CHevd
DzzNacxrminV287qhJb8n8mej2gYpIwsYk6HEMSig/TiMqUWNmV76WPKedhaqp/V
4SoQeL2CSX0Hs2PwYgRWXQmo96yLd2HHvOqySEhZFuE+dgX+yqiBHPuR2WoXfp4L
AkUBJsXb3LPYnDN838SJSwKP2t6KKu9ONTr2j8c46XEXtQpXyiIEPlwa0kgvMi/t
75NMHEOc4A6TDTE5sLyCIL34RLz6mHFQBPPRefHEZJpzZpxf8ZcXgfdb4nFLhHWq
vp2voHxaL+LGZKMy6ZqRSPTKEQKIoeqqGHJjR4+0xdC2uyiMi+kEBvuqLtxghpoN
9aRItq4sH2yCe4e1Axl7vzEnOHY1JKdFNTiMNTFHMg8Tu2JERL5KSHUxGi1XaXcy
f2XKCezVVoVLu8UoTXC7/jiUjMB3YTDYeGoxiiO5XMUifZNVUkubDjtFqYDJ992L
SjHsc4yc1oU=
=f4B9
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----