A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue.
The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected

A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue.

The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations.

"The vulnerability is due to the method (cpio) in which Zimbra's antivirus engine (Amavis) scans inbound emails," cybersecurity firm Rapid7 said in an analysis published this week.

The issue is said to have been abused since early September 2022, according to details shared on Zimbra forums. While a fix is yet to be released, Zimbra is urging users to install the "pax" utility and restart the Zimbra services.

"If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is implemented poorly (by Amavis) and will allow an unauthenticated attacker to create and overwrite files on the Zimbra server, including the Zimbra webroot," the company said last month.

The vulnerability, which is present in versions 8.8.15 and 9.0 of the software, affects several Linux distributions such as Oracle Linux 8, Red Hat Enterprise Linux 8, Rocky Linux 8, and CentOS 8, with the exception of Ubuntu due to the fact that pax is already installed by default.

A successful exploitation of the flaw requires an attacker to email an archive file (CPIO or TAR) to a susceptible server, which is then inspected by Amavis using the cpio file archiver utility to extract its contents.

"Since cpio has no mode where it can be securely used on untrusted files, the attacker can write to any path on the filesystem that the Zimbra user can access," Rapid7 researcher Ron Bowes said. "The most likely outcome is for the attacker to plant a shell in the web root to gain remote code execution, although other avenues likely exist."

Zimbra said it expects the vulnerability to be addressed in the next Zimbra patch, which will remove the dependency on cpio and instead make pax a requirement. However, it has not offered a specific timeframe by when the fix will be available.

Rapid7 also noted that CVE-2022-41352 is "effectively identical" to CVE-2022-30333, a path traversal flaw in the Unix version of RARlab's unRAR utility which came to light earlier this June, the only difference being that the new flaw leverages CPIO and TAR archive formats instead of RAR.

Even more troublingly, Zimbra is said to be further vulnerable to another zero-day privilege escalation flaw, which could be chained with the cpio zero-day to achieve remote root compromise of the servers.

The fact that Zimbra has been a popular target for threat actors is by no means new. In August, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of adversaries exploiting multiple flaws in the software to breach networks.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite

Red Hat Security Advisory 2022-6838-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6838-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6838  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
expat-debuginfo-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.aarch64.rpm  
expat-devel-2.2.10-12.el9_0.3.aarch64.rpm

ppc64le:  
expat-debuginfo-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-devel-2.2.10-12.el9_0.3.ppc64le.rpm

s390x:  
expat-debuginfo-2.2.10-12.el9_0.3.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.3.s390x.rpm  
expat-devel-2.2.10-12.el9_0.3.s390x.rpm

x86_64:  
expat-debuginfo-2.2.10-12.el9_0.3.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.3.x86_64.rpm  
expat-devel-2.2.10-12.el9_0.3.i686.rpm  
expat-devel-2.2.10-12.el9_0.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
expat-2.2.10-12.el9_0.3.src.rpm

aarch64:  
expat-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.aarch64.rpm

ppc64le:  
expat-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.3.ppc64le.rpm

s390x:  
expat-2.2.10-12.el9_0.3.s390x.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.3.s390x.rpm

x86_64:  
expat-2.2.10-12.el9_0.3.i686.rpm  
expat-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9BEdzjgjWX9erEAQgpEw//SAVaBRrOgFmB37H+zj9VIGGk+//euxLS  
eXo9/Yn+ysPrdDzSVMxPVoiUY7oyNmuf1tDhacy8p90ZJ+SqpbL2pqAxcVMgq0TF  
8ZMYh54aYp6UM559jonyw8vybrp9YA1LEas3PpctLESErqoM7zLD40oxG0f/o9ly  
K5ezEmbWtdRbkHGbx0waQEZdRinVVtRCnLU8tjRjaTl7/3129O9Qa8qYMhAx4IB4  
pCL8ZCSwFGeQ4va0vHZkcw1x2Qx5WVrFbRV68AYTV/ISGh/bQtPUT+Zk1y/KZKwy  
LQmjw4nX1I8Zpue4+yddOaApdlpTk5CSWkAIUDJOtm/GiKF/nKn6tkZm+LgobpSP  
bUaipq+MbDDsNlnL5vFYob1aqdGvCPh6CKDpbJ2zFFF8dEKMzp4ugJAOD1IVECk0  
5GUwLjo2TuMNJkARQYlZrWkgt5SDt+Rev1tJ4c+GoUiXG2BNzvPG3od+nPUfJEId  
NMDQ5wnyOdXrNV4bDp2A8E4B523YbeaMZ0hbT9k+A7n4ICJMfcxLdwYWR4Eefq7S  
rWHFYDEmrhFUCaB8CwS7yeCkig4xhHY2PeDTjSyorCkQ4hWdKWrhZLT4qEs0ZcQ0  
rTwCDyF0nu4d0V4jMb+gg1GVLFj4I6bhSSGCMf0phGIBF2nwLKuiBbzEPU4S1I1J  
v9xf4LYIGu8=wW9n  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6838-01

Red Hat Security Advisory 2022-6839-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid security update  
Advisory ID:       RHSA-2022:6839-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6839  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
squid-5.2-1.el9_0.2.src.rpm

aarch64:  
squid-5.2-1.el9_0.2.aarch64.rpm  
squid-debuginfo-5.2-1.el9_0.2.aarch64.rpm  
squid-debugsource-5.2-1.el9_0.2.aarch64.rpm

ppc64le:  
squid-5.2-1.el9_0.2.ppc64le.rpm  
squid-debuginfo-5.2-1.el9_0.2.ppc64le.rpm  
squid-debugsource-5.2-1.el9_0.2.ppc64le.rpm

s390x:  
squid-5.2-1.el9_0.2.s390x.rpm  
squid-debuginfo-5.2-1.el9_0.2.s390x.rpm  
squid-debugsource-5.2-1.el9_0.2.s390x.rpm

x86_64:  
squid-5.2-1.el9_0.2.x86_64.rpm  
squid-debuginfo-5.2-1.el9_0.2.x86_64.rpm  
squid-debugsource-5.2-1.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A/tzjgjWX9erEAQgfZA/9HJUFYJLUsflB+655ZYluYALZgLYXdyUR  
5LdEVLft4Xk+0BNEII+F0ccPT6qYAFRQ65asWPVZtPKsOc9j8/B1AZ+LLXp9kYcV  
a6RfRVxjc/krmvAl7RysKNjg7QSagTsysMIZ3Bz+aiYKJuiESG5c7EedTHDTX2a2  
S0ZFHkIMID7NJrWAacnkYsSsMUO3Rz3kWBe163lC1Is8pSj0P+Z59qAu26Jrb8Jl  
0oMocTuVl+9QgVJF2GkybK45VxCVNlR8jNBsydrEilm/4rjdQAX0n2dxwYAL4Hu+  
Q6tf+Ifg6YsTPSQtex1ezSvq8cY4INmxAcfGy6mB3FUV1JXLcMmXbj7J6xsyX244  
eGI/4b8cAMOA6tFzx0cIMVvshHBRNw3iyp2Pi9M245VVBRBatGwQ4KVBq0XESKwB  
WArsEN9ZiJKi1F3qgwWIG6gL/l9bTHtQn1gkset3NnmVnT/JjJdzf5azP9TckEA7  
+WyRdC7Pcoi60aRrkMgMgycnLVdBNALY+rRJxSDy+pkmg0EIBQTUJoHHDqyKS/ei  
jebgINvq/zAMHzO+xzmIimJcqVbDU2pIPhTXYiFL0s5MJqsxSmJmG/Nc093QuHsE  
T7koB327qXVDu5RlGNf42Almw46/zWG7AaZtQUV7TOqM67LUCwsNPSJ6s1HCXZ+C  
LLsk+QabmmU=lAus  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6839-01

Red Hat Security Advisory 2022-6850-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openvswitch2.11 security update  
Advisory ID:       RHSA-2022:6850-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6850  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-2132  
====================================================================  
1. Summary:

An update for openvswitch2.11 is now available for Fast Datapath for Red  
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 7 - noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: DoS when a Vhost header crosses more than two descriptors and  
exhausts all mbufs (CVE-2022-2132)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 7:

Source:  
openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm

noarch:  
openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

ppc64le:  
openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.ppc64le.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

s390x:  
openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.s390x.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm

x86_64:  
openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.x86_64.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2132  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A9NzjgjWX9erEAQhS6g//dFhnNsL6tYKMlk4Lrp34SksiKG0a7mVh  
pUzeQLBdgCIJ/AW/nYYAKdmLPAA9tbmYPGPEDq4lch7TmCqSTfurW+XJtddfiBjv  
MWFFGBEtTBZRB4T5RskKTjjgdwJdXSVX2D+LTFI7Z2ZdGvhtc6DcdYbvowP7S4Ni  
dZDx7ByueVuM0jJlHePgUMLv8SvT64SDPNWSJqsgM8MLWOMrBRc1RoOwYmWpRYJp  
ohvwvEbEiS6F8g6vDQGhVph2b0v5HYnjFvt5H3TaGVFlzbfsi+2orkXFnJQZ6ube  
I4HTboCKF4dYGiiSgMEOOYF6dbly4uw7cg+g8dlF8KpbQJKfGvyuD5WqKKnmFC+6  
Q031OQK6OzEfcq2LjJgnxq0CA4JjptO0dhfYPgZ8k1wRu/ZmHFs/fTydn7yihWj3  
ux3zkyjOIQUvpfxapxEfZ/DgiR1cU8zqN+Z5SGc365BdkYB2DlqUnFQFEqsLxIId  
R/HeMM1zn7MZ8V+n2pA2vV4HmKdYD8134ukT0B0El1cceERKDMZFKZLi/iXNIEhm  
xJQ+ibu8e/+JngOhmEmDHz2QQaEyIav6jceWCNig59By5oGfRJ8fvq7TQ1TtECDt  
b9imH8r/ylKbjhaPyvrGbPuV7ARuKQxs5/r/UhIAA1kvPrt1jGxST6jUeVO/Mi6K  
3jv+d9QUyS4!Lp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6850-01

Red Hat Security Advisory 2022-6831-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6831-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6831  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
expat-2.2.5-4.el8_4.4.src.rpm

aarch64:  
expat-2.2.5-4.el8_4.4.aarch64.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.aarch64.rpm  
expat-debugsource-2.2.5-4.el8_4.4.aarch64.rpm  
expat-devel-2.2.5-4.el8_4.4.aarch64.rpm

ppc64le:  
expat-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-debugsource-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-devel-2.2.5-4.el8_4.4.ppc64le.rpm

s390x:  
expat-2.2.5-4.el8_4.4.s390x.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.s390x.rpm  
expat-debugsource-2.2.5-4.el8_4.4.s390x.rpm  
expat-devel-2.2.5-4.el8_4.4.s390x.rpm

x86_64:  
expat-2.2.5-4.el8_4.4.i686.rpm  
expat-2.2.5-4.el8_4.4.x86_64.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm  
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm  
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm  
expat-devel-2.2.5-4.el8_4.4.i686.rpm  
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7svtzjgjWX9erEAQjaTg//ZLhz2g9jo1UyFDwiXv2ikm12gbo/z39B  
LrIK+cISbaj2ZmnYaaOVBctGaaM6iwjjw8EnDJUC3VkkIZLE80TD4D3mmUtQa8J/  
g35XEUZR5mxj/34UCH0eiHJ/IuDyEsNh7n8Tk4H8KjdNCUH5Z4F/m3DLXnG+rEnz  
Vc57sI/BBbMsLuYzdrV/+LUAXl3JNusv5MkkB6dlGd6BkVaJYP4YYCU8AZRYPaj4  
2u6lxeUYkrKnFAfgbI/uBxQvHyCZt+7ssbSQSMMkEzEYWbsRz143ykP7Q0ybZ/JL  
NwzflfH8czIESyWID1fwlwGJbBFIZkvLp8Zaf7hqhW/TdcGWb4yRXYnkaMzemYG1  
YUaJRJ0ix6F058q6SpoRNscjFIB9zOGkdtaZY1W0Uq4BqHwO5hj2lhPfEdfxOBlk  
BCfq5nbvOktd6jP9GntJHTJwA/nLyaj8fhBMWlzPqoSvfeL6SAmW+RV3SRsjpmGD  
vbrf5CeFsz2BawRAB+W63PYmYx60F1xarmhwlUqdt6FsF87V6k6hiV/NkZMvzs5Q  
l2e8PR9IUzkapp1pMDc5EC1RhBv8e6hS16C7iFnqEwmOFEF1hmLo2PK38jgOaEvH  
tiSmbSFKL4UQsn7byPAjpY8T+pKFxfVfAyOV67LfKzQ+T6m+Si/WHt+u6G2Yra3A  
wyAFjcY9yPE=livL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6831-01

Red Hat Security Advisory 2022-6832-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6832-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6832  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:  
expat-2.2.5-3.el8_2.3.src.rpm

aarch64:  
expat-2.2.5-3.el8_2.3.aarch64.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.aarch64.rpm  
expat-debugsource-2.2.5-3.el8_2.3.aarch64.rpm  
expat-devel-2.2.5-3.el8_2.3.aarch64.rpm

ppc64le:  
expat-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-debugsource-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-devel-2.2.5-3.el8_2.3.ppc64le.rpm

s390x:  
expat-2.2.5-3.el8_2.3.s390x.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.s390x.rpm  
expat-debugsource-2.2.5-3.el8_2.3.s390x.rpm  
expat-devel-2.2.5-3.el8_2.3.s390x.rpm

x86_64:  
expat-2.2.5-3.el8_2.3.i686.rpm  
expat-2.2.5-3.el8_2.3.x86_64.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.i686.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.x86_64.rpm  
expat-debugsource-2.2.5-3.el8_2.3.i686.rpm  
expat-debugsource-2.2.5-3.el8_2.3.x86_64.rpm  
expat-devel-2.2.5-3.el8_2.3.i686.rpm  
expat-devel-2.2.5-3.el8_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7slNzjgjWX9erEAQhubRAAhOwHmqgokhhYOsZjMdN6KaDUqts5+19U  
/t3sBxAMYNehzxCDTKbt1hf2kEJDD7V7pcZ/VcbKyb2iWisYxPMVFxvRfc6tcB87  
M9UIKYyhC8CsFQKxijFpWRIOhhH/hEc2eetC1RlkAYotrBcmVthguNHmGgEfaN0N  
kZTXcBsXm9jrO8UhyJakXMvHD6C9PsMLTrJYcDZbBJZpLSoGvAOlFlKjaz2VMY+7  
HPqdKZpPqmHR2PxsEPYXmk0mzQxzxPW6o8oHiheaHz8CkKH+97oNXEawVjuczGxk  
62JNTB+OtVlpMt7ppngc0Go3eTmVj9Hr8uDDt83HU/sN5BhSoXRCZjVNodvhgjAN  
hSD8sAfQSosZh5fX1QXMIql16ZudyxlyIXdPub3w4I7ZUCG7v69cHSY1b8b9HKyF  
dpkgWrvtTaTVe0CSU3xcDijwng0MqJWLsAIjPvk3/DdJI4hdXd7iPGeQFkqTqiOA  
Lf8v45vwjK9ngfj1PbHptBlxG+bfYPyGCVPu10TniVlobrUXQaYrzut4lyZZFMyp  
EhFoenudt86L6vOo8s9/ZaIlZimhWH+zlcwdw4ksVQ/cCVeKTHG6v7lbTL07TOPs  
d38rmnyJd/ulrGC9T1Rj8ZMMQ3D+c1xF6R8g1leE/t3mD718bfjnrPN7umx/d/Av  
TQMo3Q0dgVo=qSey  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6832-01

Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6834-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6834  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

ppc64:  
expat-2.1.0-15.el7_9.ppc.rpm  
expat-2.1.0-15.el7_9.ppc64.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm  
expat-devel-2.1.0-15.el7_9.ppc.rpm  
expat-devel-2.1.0-15.el7_9.ppc64.rpm

ppc64le:  
expat-2.1.0-15.el7_9.ppc64le.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm  
expat-devel-2.1.0-15.el7_9.ppc64le.rpm

s390x:  
expat-2.1.0-15.el7_9.s390.rpm  
expat-2.1.0-15.el7_9.s390x.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm  
expat-devel-2.1.0-15.el7_9.s390.rpm  
expat-devel-2.1.0-15.el7_9.s390x.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm  
expat-static-2.1.0-15.el7_9.ppc.rpm  
expat-static-2.1.0-15.el7_9.ppc64.rpm

ppc64le:  
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm  
expat-static-2.1.0-15.el7_9.ppc64le.rpm

s390x:  
expat-debuginfo-2.1.0-15.el7_9.s390.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm  
expat-static-2.1.0-15.el7_9.s390.rpm  
expat-static-2.1.0-15.el7_9.s390x.rpm

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7sqdzjgjWX9erEAQjxyA//VKee7fxyq3Bih4oJvm9Lexgt4hgej3nR  
fJvpW6n+WTV6RRGtSSD37Lif1kav3bFiQBI4u2ZDrfEQ6ZETIcl6wKANdMI4zxYk  
Nh1CAxuWtnJsqQqu4pyViMT5pP5UgbO0suKps2TSTjq7f2Hok0IkLjEhqFlrfBA1  
owK2Pk6OltAvGKqLJuV9+MIgFGZNei5vuHCQwYS3V+CGXZpAnWwfRt69S2vRAOb0  
CB5eR4yF+IGn3eEebkArFEF97eGR9kqS4o63etEqMdoQ70FaPJKe9YM/y41Q/4gV  
/gD5H6caQk6ShO/O4UmabTw5TeiKzl7tJMxdYTd3rpBEZFNQiye45++4YY64+z0o  
uSNST+1PSz/8o+3XrpFKzs//ePLhYttC9/mLIIcVnrO1l3HTwKCP5rylMb/E3pJS  
Hc4QEUMw6orsFzNpMVtN9uiX23/Xzy1W4avKxlKSyf3PraXhiwz/GOz0R7mtaOKZ  
xH/8Pt3qKbOsCtmTx/SYx2ALqOm3jEC5s3zXfWjoFM6Um7wLYu1U2uWeuMHk5Hsu  
A2OADrOyY/88JODsLsugVVpvrAX0LrY8GOdXM1ZVRb2URdYL51bfQyEf2YEewplx  
x06H6MonBt/ZjLC4fba+v/yeM9TvdcDd7M7SgfEqwBniFhyTLUBWab00AR4t8ngY  
J17i8lcjGUc=IVzO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6834-01

Red Hat Security Advisory 2022-6835-01 - This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Service Registry (container images) release and security update [2.3.0.GA]  
Advisory ID:       RHSA-2022:6835-01  
Product:           Red Hat Integration  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6835  
Issue date:        2022-10-06  
CVE Names:         CVE-2021-22569 CVE-2021-37136 CVE-2021-37137  
                   CVE-2021-41269 CVE-2022-0235 CVE-2022-0536  
                   CVE-2022-0981 CVE-2022-21724 CVE-2022-23647  
                   CVE-2022-24771 CVE-2022-24772 CVE-2022-24773  
                   CVE-2022-25647 CVE-2022-25857 CVE-2022-25858  
                   CVE-2022-26520 CVE-2022-31129 CVE-2022-37734  
====================================================================  
1. Summary:

An update to the images for Red Hat Integration Service Registry is now  
available from the Red Hat Container Catalog. The purpose of this text-only  
errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Integration - Service registry 2.3.0.GA serves as a  
replacement for 2.0.3.GA, and includes the below security fixes.

Security Fix(es):

* cron-utils: template Injection leading to unauthenticated Remote Code  
Execution (CVE-2021-41269)

* prismjs: improperly escaped output allows a XSS (CVE-2022-23647)

* snakeyaml: Denial of Service due missing to nested depth limitation for  
collections (CVE-2022-25857)

* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

* protobuf-java: potential DoS in the parsing procedure for binary data  
(CVE-2021-22569)

* quarkus: privilege escalation vulnerability with RestEasy Reactive scope  
leakage in Quarkus (CVE-2022-0981)

* quarkus-jdbc-postgresql-deployment: jdbc-postgresql: Unchecked Class  
Instantiation when providing Plugin Classes (CVE-2022-21724)

* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may  
buffer skippable chunks in an unnecessary way (CVE-2021-37137)

* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for  
decompressed data (CVE-2021-37136)

* node-fetch: exposure of sensitive information to an unauthorized actor  
(CVE-2022-0235)

* follow-redirects: Exposure of Sensitive Information via Authorization  
Header leak (CVE-2022-0536)

* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability  
(CVE-2022-26520)

* node-forge: Signature verification leniency in checking `digestAlgorithm`  
structure can lead to signature forgery (CVE-2022-24771)

* node-forge: Signature verification failing to check tailing garbage bytes  
can lead to signature forgery (CVE-2022-24772)

* node-forge: Signature verification leniency in checking `DigestInfo`  
structure (CVE-2022-24773)

* com.google.code.gson-gson: Deserialization of Untrusted Data in  
com.google.code.gson-gson (CVE-2022-25647)

* terser: insecure use of regular expressions leads to ReDoS  
(CVE-2022-25858)

* graphql-java: DoS by malicious query (CVE-2022-37734)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data  
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way  
2024632 - CVE-2021-41269 cron-utils: template Injection leading to unauthenticated Remote Code Execution  
2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data  
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor  
2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes  
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak  
2056643 - CVE-2022-23647 prismjs: improperly escaped output allows a XSS  
2062520 - CVE-2022-0981 quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus  
2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability  
2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery  
2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery  
2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure  
2080850 - CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson  
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS  
2126277 - CVE-2022-25858 terser: insecure use of regular expressions leads to ReDoS  
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections  
2126809 - CVE-2022-37734 graphql-java: DoS by malicious query

5. References:

https://access.redhat.com/security/cve/CVE-2021-22569  
https://access.redhat.com/security/cve/CVE-2021-37136  
https://access.redhat.com/security/cve/CVE-2021-37137  
https://access.redhat.com/security/cve/CVE-2021-41269  
https://access.redhat.com/security/cve/CVE-2022-0235  
https://access.redhat.com/security/cve/CVE-2022-0536  
https://access.redhat.com/security/cve/CVE-2022-0981  
https://access.redhat.com/security/cve/CVE-2022-21724  
https://access.redhat.com/security/cve/CVE-2022-23647  
https://access.redhat.com/security/cve/CVE-2022-24771  
https://access.redhat.com/security/cve/CVE-2022-24772  
https://access.redhat.com/security/cve/CVE-2022-24773  
https://access.redhat.com/security/cve/CVE-2022-25647  
https://access.redhat.com/security/cve/CVE-2022-25857  
https://access.redhat.com/security/cve/CVE-2022-25858  
https://access.redhat.com/security/cve/CVE-2022-26520  
https://access.redhat.com/security/cve/CVE-2022-31129  
https://access.redhat.com/security/cve/CVE-2022-37734  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7stNzjgjWX9erEAQiCEQ/+OPmlKRufUR1D+rRvhWHeBMxdJ9NMoaMm  
rV3uH/FIiBLFSYWXgTY8gb53BVsZHEPfZ6G3ol70iyOjDbXazQsYBuhg/9RMLmz9  
+J1yK5sSeE9HyisYbYdHuuGIKpEMGXp78NP1rlwBEgyFrkY8pJHSdv/Fc87f2B3Z  
VeExd/Zvdcj5M4/ZmCin1yNALPKlhnbp9+9MGvcLufJUsXxOKPrQVCYMgWVWc0Wc  
aNRm4y8FBOnYrB9FeA2BBYEpmBrRK8G8OsoebuqaBvKAvytVV/NSiOMKsdaGD9WL  
XeLPl5XE3rpEVeUEH4aEjdHe6weLk/sjst335xgWI7QHZT/gjZxmxza2TBGgIkRJ  
yBT/n63geWAkaTXUCP0oepJDPKAio6B/CFVzTZS8jqO/0rDDvHIZN94nhceqamW3  
GC5gha56Pk+qcw3sArvtu0G72wY5O/+/kxp0mV+sWczIIlbS7FlkG+sxl5uHo3+M  
DDBOMwNROI6bInBxnBD4GWMepW40cGaAXt1HN/1NVaZq0mw4cdyulOMJfPpJGQK5  
IGS+TnvZn86p3cZysR3eMuaPzFG9U8vnaAw8enRmiJ6wG3NFkklIRelO7fEF8n3R  
drGnqa8gB589c9x3QUurBytdDxYWd2T71TOTyMFdTI9NtOAeuIvX+6lDj0BOftH3  
Jnw+PamuYNcÌnF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6835-01

Red Hat Security Advisory 2022-6833-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6833-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6833  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
expat-2.2.5-3.el8_1.2.src.rpm

aarch64:  
expat-2.2.5-3.el8_1.2.aarch64.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.aarch64.rpm  
expat-debugsource-2.2.5-3.el8_1.2.aarch64.rpm  
expat-devel-2.2.5-3.el8_1.2.aarch64.rpm

ppc64le:  
expat-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-debugsource-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-devel-2.2.5-3.el8_1.2.ppc64le.rpm

s390x:  
expat-2.2.5-3.el8_1.2.s390x.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.s390x.rpm  
expat-debugsource-2.2.5-3.el8_1.2.s390x.rpm  
expat-devel-2.2.5-3.el8_1.2.s390x.rpm

x86_64:  
expat-2.2.5-3.el8_1.2.i686.rpm  
expat-2.2.5-3.el8_1.2.x86_64.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.i686.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.x86_64.rpm  
expat-debugsource-2.2.5-3.el8_1.2.i686.rpm  
expat-debugsource-2.2.5-3.el8_1.2.x86_64.rpm  
expat-devel-2.2.5-3.el8_1.2.i686.rpm  
expat-devel-2.2.5-3.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7sntzjgjWX9erEAQilzg/9G0hBlNyYGAOEQ2Wd1hoaviKz1x8xQSjk  
6Yp8hYteJ8barDPVG6ZSkOzK0EgwOU2BZem6D8s4jTF3SjYokQlC5qleON1kbV6v  
uegK8apoBsByZZVbpL3ioMcwT0jvoMJkmUhOrQmd8ijnWWBcQsmwVBCP8ej/YJcd  
ugtcxE9GIaXt/KCDg04ly+NaB21Ej2bvHC9IglajZyFglLESCs9aufQcEUIyyYN5  
KHjLdIxmUvs61FsROSB4GH22OABH6v7JAZwIQB3bVr1HVSpU6eUU2ug+DN/sELtk  
0wLZWTUk09V6I2uzF3Og40qsOUmgik5CSbeNrP5j/QAYz7Fys2HYs+ybx9zIMmlw  
t72+MCZO911IxV+CV2ev5qjluOgDcNDWJJVsvjSdiMpsK6d1xe7t224MYqHJLV5v  
93fRMoL//MmF0OMcgNrR8ijooUq1WrxJBIjQQ+imyNezvjevYPnWcl2sfTJIBZAH  
UHblj3RmjTmg9qEl/hxsWqYO+7o7CqzJ49nPxAzvu/F6SKR56SRZwsZnLt/awXLD  
SfO2ff2jZA7Ruq5kvfspzh9EYlsz4117uRlm4jtYXCtnlsR43v3bDPw50oTEgTvm  
OJMkFOVAN5uVSPttPacD0JaIDpeV26ofSakXknA4+lwle9hP1enX5nQ3qkne06Dq  
7vR0gnLs+t4=0lxG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6833-01

Red Hat leads the tech industry's cutting edge practices for the resolution of cybersecurity issues. Red Hat does this by providing relevant and accessible information and enabling the larger community to make well-informed decisions about security issues.

Red Hat leads the tech industry's cutting edge practices for the resolution of cybersecurity issues. Red Hat does this by providing relevant and accessible information and enabling the larger community to make well-informed decisions about security issues.

As part of our continuing reviews, Red Hat saw the need to make public a formal incident response plan (IRP) to lead our incident response and vulnerability management. FedRAMP and other regulatory frameworks also require a formal, published IRP. It made sense that Red Hat should put forth the effort to make sure we thoroughly documented our incident response processes to cover our needs and to deliver a more systematic way to analyze and improve our vulnerability reports.

As we researched how other companies handled the reporting of vulnerabilities, we quickly discovered that there are no open source IRPs for product security. Since Red Hat fosters a culture of innovation, we decided to formalize our own IRP and make it public. 

We also decided that we would live true to our open source ethos and obtain feedback from the community. As a result, **we have published a template for industry use and consideration**. This document is the first public, open source Product Security Incident Response Plan created, and we look forward to collaborating with industry partners to improve our security processes.

**Why have an IRP?**

An incident response plan is a planned course of action for all significant security incidents. Some incidents lead to larger efforts impacting products for days or months. Having an incident response plan helps stop, contain, communicate and resolve incidents more quickly in an efficient  manner with greater consistency. It is not a playbook, but rather an overarching guide to the processes that need to happen across the organization around incidents and their resolution. After all, incident responses involve more than just the security team and engineering. Playbooks and other detailed procedures are then linked to the plan.

Another example of the value of an IRP is how it informs and collaborates on specific processes that support the response effort for the organization. Red Hat includes how to classify the severity of each Common Vulnerability and Exposure (CVE), additionally providing a Common Vulnerability Scoring System (CVSS) score. However, a particular Red Hat product may be less impacted due to compensating controls around a specific piece of code. A formal IRP helps direct the teams in responding to these scenarios and gives a solid response to customer questions about being thorough in responding.

**Our process**

Having a systematic process that can handle these requirements is not trivial. Red Hat’s plan for incident response is a multistep process that starts by triaging flaws, then doing analysis and finally following through with trackers and fixes. The IRP is the formal process that Red Hat will follow when presented with a product security incident. These incidents can be as simple as a false positive report or a severe risk to the security of our customers using our products. When we receive a flaw, the first step is to determine if our products are affected. If so, we determine the severity to which the product is affected. This severity analysis will determine the urgency of the response and ensure that the vulnerabilities are fixed promptly. This process must be followed consistently and accurately.

For companies, like Red Hat, that are involved in numerous open source communities and vulnerability email lists, the first step, "triage," can be challenging. These disclosure lists publish all known vulnerabilities and place the responsibility on a company to determine the effect on their products.  In addition to reviewing these sources, we maintain an **email address** where people can report vulnerabilities. All of these information sources form the basis of our reports, which we monitor in a queue system. When an incident is reported in this queue system, this kicks off our assessment for severity and notification. 

As a result, while many vulnerabilities do not affect us, we must triage them to determine whether we are affected or not with certainty. This "lack of guaranteed risk" presents numerous challenges to our analysis process. 

If it seems plausible that our products may be affected, we send the vulnerability for further analysis, entering our assessment and coordination phase. This is where we do a complete analysis. We verify whether we are affected by the vulnerability, and if we are, we coordinate with engineering to ensure a fix is released promptly.

Some CVEs are not public when reported via direct private communications or private mailing lists, known as Embargoed CVEs. In these cases, there must be a way to keep them private while coordinating the fix and until they are disclosed to the public.

This IRP process helps to protect customers as soon as reasonably possible for various flaws. When we have a decision to create a fix and a timeline for a fix to be ready, we conclude this phase and enter our recovery and closure phase. Here, we finalize the incident’s tracking and prepare any necessary outside communications. This concludes our final phase, which finishes our consistent analysis process. 

Our IRP document tracks the primary stakeholders we interact with and our expectations on what they will be tasked with during incidents. For example, we will work with Engineering, Quality Engineering and Release teams to track reported incidents impacting each product engineering team through the release and closure or decision not to release a fix. When an incident is classed as a Major Incident, our process guides us on when we will engage with each stakeholder for internal tracking and orchestration. This engagement during a Major Incident extends to valuable contributions from Legal and Communications teams for preparing public communications for our customers and other factors outlined within the IRP. 

Every phase in our process has a clear list of steps that must have a conclusion, prevent missed details and function as a requirements checklist. As a result of this orderly method, the analysis is much faster and analysts can cover more products, adding to more accuracy. 

**Conclusion**

We believe that sharing this methodology with the broader software community helps provide us  all with more secure software as well as coordinated orchestration for vulnerability responses. This methodology continues to enable us to be more proactive in software security, where our response is planned and understood by all stakeholders, making it faster and more consistent. 

We also welcome industry partners to collaborate with us on this so that we can all collectively improve our product security incident responses.

Tag

#red_hat