Bug 2056370 (CVE-2022-25236)
| Summary: | CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abrt-devel-list, adudiak, aprice, arachman, bdettelb, caswilli, csutherl, dfreiber, dhalasz, doconnor, drow, erack, erik-fedora, fhrdina, fjansen, gotiwari, gzaronik, hkataria, jburrell, jclere, jhorak, jkoehler, jmitchel, jorton, jsamir, jtanner, jwong, jwon, kaycoth, kholdawa, kshier, lveyde, manisandro, michal.skrivanek, micjohns, mperina, mpierce, mturk, mvyas, nobody, oezr, omaciel, orabin, pjindal, plodge, psegedy, rcritten, rh-bugzilla, rh-spice-bugs, rjones, sbonazzo, stcannon, sthirugn, stransky, szappis, tcarlin, teagle, tfister, tkasparek, tkorbar, tpopela, tsasak, vkrizan, vkumar, vmugicag, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | expat 2.4.5 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns[:prefix]" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-12-04 00:32:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2056371, 2056372, 2057008, 2057009, 2057010, 2057011, 2057012, 2057013, 2057014, 2057023, 2057323, 2057324, 2057429, 2058055, 2058056, 2058057, 2058058, 2058059, 2058060, 2058061, 2058062, 2058063, 2058064, 2058065, 2058066, 2058067, 2058068, 2058069, 2058070, 2058071, 2058072, 2058073, 2058074, 2058075, 2058076, 2058077, 2058078, 2058079, 2058080, 2058081, 2058082, 2058083, 2058084, 2058350, 2058353, 2064169, 2065579, 2065582, 2070468, 2072093 | ||
| Bug Blocks: | 2056373 | ||
|
Description
Avinash Hanwate
2022-02-21 05:30:26 UTC
Created expat tracking bugs for this issue: Affects: fedora-all [bug 2056371] Created mingw-expat tracking bugs for this issue: Affects: fedora-all [bug 2056372] Upstream commit: https://github.com/libexpat/libexpat/commit/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 Created xmlrpc-c tracking bugs for this issue: Affects: fedora-all [bug 2057429] This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0815 https://access.redhat.com/errata/RHSA-2022:0815 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0816 https://access.redhat.com/errata/RHSA-2022:0816 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0818 https://access.redhat.com/errata/RHSA-2022:0818 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0817 https://access.redhat.com/errata/RHSA-2022:0817 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0824 https://access.redhat.com/errata/RHSA-2022:0824 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0843 https://access.redhat.com/errata/RHSA-2022:0843 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0847 https://access.redhat.com/errata/RHSA-2022:0847 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0845 https://access.redhat.com/errata/RHSA-2022:0845 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0853 https://access.redhat.com/errata/RHSA-2022:0853 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0850 https://access.redhat.com/errata/RHSA-2022:0850 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0951 https://access.redhat.com/errata/RHSA-2022:0951 Created expat tracking bugs for this issue: Affects: oVirt 4.4 [ bug 2065579 ] Affects: CentOS Stream 8 [ bug 2065582 ] This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1012 https://access.redhat.com/errata/RHSA-2022:1012 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:1053 https://access.redhat.com/errata/RHSA-2022:1053 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1068 https://access.redhat.com/errata/RHSA-2022:1068 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1070 https://access.redhat.com/errata/RHSA-2022:1070 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1069 https://access.redhat.com/errata/RHSA-2022:1069 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:1309 https://access.redhat.com/errata/RHSA-2022:1309 This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7811 https://access.redhat.com/errata/RHSA-2022:7811 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25236 |