Headline
RHSA-2022:1012: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- CVE-2022-25236: expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- CVE-2022-25315: expat: Integer overflow in storeRawNames()
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-03-22
Updated:
2022-03-22
RHSA-2022:1012 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: expat security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for expat is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Expat is a C library for parsing XML documents.
Security Fix(es):
- expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
- expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
- expat: Integer overflow in storeRawNames() (CVE-2022-25315)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()
- BZ - 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
- BZ - 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
expat-2.2.5-4.el8_4.2.src.rpm
SHA-256: 72bd3638e721c56496a599685a75e4477c2e71fe996ed604c283df0d96c08a89
x86_64
expat-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 598a8aa0afc3288ff47c0157853e5790f4a99b4c252cfe8775514f02a1d72eef
expat-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: a1bbfbeb62a9c634fb8ae324533eebe14540b6ae9ac8efe7e0f94c2783a3a574
expat-debuginfo-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 73b476d4c08bbb5b0579919b28c80536f4670b31dddccc4f144a828423091a18
expat-debuginfo-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 01984411f775ef46cdd60f91701c14199b65074a60dd238ec9cbbb942e792d91
expat-debugsource-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 476c76e341743b0472b21205c142dd487e599621c5be64c1c30ef07ff051cdb9
expat-debugsource-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 23d666ce4dde8cdb965cbdc352066ed3c4438c232f0b74f1a2674021e9cc1a2c
expat-devel-2.2.5-4.el8_4.2.i686.rpm
SHA-256: e1c8c451821578cc6119ea7c8771e0523c76204ecdb33c16b8582f93f33805eb
expat-devel-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 248a836aec5532d001d37e254078b95f75e5483f17de351e211432844f27b335
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
expat-2.2.5-4.el8_4.2.src.rpm
SHA-256: 72bd3638e721c56496a599685a75e4477c2e71fe996ed604c283df0d96c08a89
x86_64
expat-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 598a8aa0afc3288ff47c0157853e5790f4a99b4c252cfe8775514f02a1d72eef
expat-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: a1bbfbeb62a9c634fb8ae324533eebe14540b6ae9ac8efe7e0f94c2783a3a574
expat-debuginfo-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 73b476d4c08bbb5b0579919b28c80536f4670b31dddccc4f144a828423091a18
expat-debuginfo-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 01984411f775ef46cdd60f91701c14199b65074a60dd238ec9cbbb942e792d91
expat-debugsource-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 476c76e341743b0472b21205c142dd487e599621c5be64c1c30ef07ff051cdb9
expat-debugsource-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 23d666ce4dde8cdb965cbdc352066ed3c4438c232f0b74f1a2674021e9cc1a2c
expat-devel-2.2.5-4.el8_4.2.i686.rpm
SHA-256: e1c8c451821578cc6119ea7c8771e0523c76204ecdb33c16b8582f93f33805eb
expat-devel-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 248a836aec5532d001d37e254078b95f75e5483f17de351e211432844f27b335
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4
SRPM
expat-2.2.5-4.el8_4.2.src.rpm
SHA-256: 72bd3638e721c56496a599685a75e4477c2e71fe996ed604c283df0d96c08a89
s390x
expat-2.2.5-4.el8_4.2.s390x.rpm
SHA-256: d70b3f3ae471e229468247081910ef2346181c2299359bce2ce142dbc820c362
expat-debuginfo-2.2.5-4.el8_4.2.s390x.rpm
SHA-256: 62d13a156cbc769726f3a7902a87ee3f3b798ff94f1709063e6b3d345e8b476e
expat-debugsource-2.2.5-4.el8_4.2.s390x.rpm
SHA-256: 1d7050b48dd81cd6aa75b40140d8a7231135ef65c46f840abe97441e2815f6a3
expat-devel-2.2.5-4.el8_4.2.s390x.rpm
SHA-256: 105c4852c5f447ed1c54f5a329333ed62f9c0dfc7650e93ab4a773c13fef342e
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
expat-2.2.5-4.el8_4.2.src.rpm
SHA-256: 72bd3638e721c56496a599685a75e4477c2e71fe996ed604c283df0d96c08a89
ppc64le
expat-2.2.5-4.el8_4.2.ppc64le.rpm
SHA-256: 1f8dea2d554632a84d6c2bba9c67c2bf24bba97221ae07833f22bd8bf21ab83a
expat-debuginfo-2.2.5-4.el8_4.2.ppc64le.rpm
SHA-256: 7d332fb10b1d989e01bcbf4e5f0a95796c150b057a1e3166dd63eb41c55687da
expat-debugsource-2.2.5-4.el8_4.2.ppc64le.rpm
SHA-256: a94f7dcf0301ec88ac69bfcc059193812de5bb20a61dc29ca5aa204d73a4bf38
expat-devel-2.2.5-4.el8_4.2.ppc64le.rpm
SHA-256: 38d7dff200122b3f4f6df555dce9b4cbb11ff067a59c323a173bfd21376428d8
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
expat-2.2.5-4.el8_4.2.src.rpm
SHA-256: 72bd3638e721c56496a599685a75e4477c2e71fe996ed604c283df0d96c08a89
x86_64
expat-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 598a8aa0afc3288ff47c0157853e5790f4a99b4c252cfe8775514f02a1d72eef
expat-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: a1bbfbeb62a9c634fb8ae324533eebe14540b6ae9ac8efe7e0f94c2783a3a574
expat-debuginfo-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 73b476d4c08bbb5b0579919b28c80536f4670b31dddccc4f144a828423091a18
expat-debuginfo-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 01984411f775ef46cdd60f91701c14199b65074a60dd238ec9cbbb942e792d91
expat-debugsource-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 476c76e341743b0472b21205c142dd487e599621c5be64c1c30ef07ff051cdb9
expat-debugsource-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 23d666ce4dde8cdb965cbdc352066ed3c4438c232f0b74f1a2674021e9cc1a2c
expat-devel-2.2.5-4.el8_4.2.i686.rpm
SHA-256: e1c8c451821578cc6119ea7c8771e0523c76204ecdb33c16b8582f93f33805eb
expat-devel-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 248a836aec5532d001d37e254078b95f75e5483f17de351e211432844f27b335
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
expat-2.2.5-4.el8_4.2.src.rpm
SHA-256: 72bd3638e721c56496a599685a75e4477c2e71fe996ed604c283df0d96c08a89
aarch64
expat-2.2.5-4.el8_4.2.aarch64.rpm
SHA-256: 0ba5361d3d4e040cfb9f3ca7bcb4ea2a67cca5545aaa055ea8b16164118c6e34
expat-debuginfo-2.2.5-4.el8_4.2.aarch64.rpm
SHA-256: 58de94b554c33f05f9760cecbb34f9d13117b2f20e6be1fe72e15841f059a265
expat-debugsource-2.2.5-4.el8_4.2.aarch64.rpm
SHA-256: 11f2c250c24295cde5047bfa0dbe4a4cdd61f45b98dd22931b3cebbb7f89fa88
expat-devel-2.2.5-4.el8_4.2.aarch64.rpm
SHA-256: e3f88d83dfc3bcaba4a340ba64a48e43b5ad3b82cfc51a94f7fe086881b64d09
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4
SRPM
expat-2.2.5-4.el8_4.2.src.rpm
SHA-256: 72bd3638e721c56496a599685a75e4477c2e71fe996ed604c283df0d96c08a89
ppc64le
expat-2.2.5-4.el8_4.2.ppc64le.rpm
SHA-256: 1f8dea2d554632a84d6c2bba9c67c2bf24bba97221ae07833f22bd8bf21ab83a
expat-debuginfo-2.2.5-4.el8_4.2.ppc64le.rpm
SHA-256: 7d332fb10b1d989e01bcbf4e5f0a95796c150b057a1e3166dd63eb41c55687da
expat-debugsource-2.2.5-4.el8_4.2.ppc64le.rpm
SHA-256: a94f7dcf0301ec88ac69bfcc059193812de5bb20a61dc29ca5aa204d73a4bf38
expat-devel-2.2.5-4.el8_4.2.ppc64le.rpm
SHA-256: 38d7dff200122b3f4f6df555dce9b4cbb11ff067a59c323a173bfd21376428d8
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4
SRPM
expat-2.2.5-4.el8_4.2.src.rpm
SHA-256: 72bd3638e721c56496a599685a75e4477c2e71fe996ed604c283df0d96c08a89
x86_64
expat-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 598a8aa0afc3288ff47c0157853e5790f4a99b4c252cfe8775514f02a1d72eef
expat-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: a1bbfbeb62a9c634fb8ae324533eebe14540b6ae9ac8efe7e0f94c2783a3a574
expat-debuginfo-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 73b476d4c08bbb5b0579919b28c80536f4670b31dddccc4f144a828423091a18
expat-debuginfo-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 01984411f775ef46cdd60f91701c14199b65074a60dd238ec9cbbb942e792d91
expat-debugsource-2.2.5-4.el8_4.2.i686.rpm
SHA-256: 476c76e341743b0472b21205c142dd487e599621c5be64c1c30ef07ff051cdb9
expat-debugsource-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 23d666ce4dde8cdb965cbdc352066ed3c4438c232f0b74f1a2674021e9cc1a2c
expat-devel-2.2.5-4.el8_4.2.i686.rpm
SHA-256: e1c8c451821578cc6119ea7c8771e0523c76204ecdb33c16b8582f93f33805eb
expat-devel-2.2.5-4.el8_4.2.x86_64.rpm
SHA-256: 248a836aec5532d001d37e254078b95f75e5483f17de351e211432844f27b335
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.