xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. http://www.openwall.com/lists/oss-security/2022/02/19/1 https://github.com/libexpat/libexpat/pull/562
Created expat tracking bugs for this issue: Affects: fedora-all [bug 2056367] Created mingw-expat tracking bugs for this issue: Affects: fedora-all [bug 2056368]
Upstream commit: https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6
Created xmlrpc-c tracking bugs for this issue: Affects: fedora-all [bug 2057430]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0815 https://access.redhat.com/errata/RHSA-2022:0815
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0816 https://access.redhat.com/errata/RHSA-2022:0816
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0818 https://access.redhat.com/errata/RHSA-2022:0818
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0817 https://access.redhat.com/errata/RHSA-2022:0817
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0824 https://access.redhat.com/errata/RHSA-2022:0824
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0843 https://access.redhat.com/errata/RHSA-2022:0843
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0847 https://access.redhat.com/errata/RHSA-2022:0847
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0845 https://access.redhat.com/errata/RHSA-2022:0845
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0853 https://access.redhat.com/errata/RHSA-2022:0853
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0850 https://access.redhat.com/errata/RHSA-2022:0850
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0951 https://access.redhat.com/errata/RHSA-2022:0951
Created expat tracking bugs for this issue: Affects: oVirt 4.4 [ bug 2065579 ] Affects: CentOS Stream 8 [ bug 2065582 ]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1012 https://access.redhat.com/errata/RHSA-2022:1012
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:1053 https://access.redhat.com/errata/RHSA-2022:1053
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1068 https://access.redhat.com/errata/RHSA-2022:1068
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1070 https://access.redhat.com/errata/RHSA-2022:1070
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1069 https://access.redhat.com/errata/RHSA-2022:1069
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:1309 https://access.redhat.com/errata/RHSA-2022:1309
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1539 https://access.redhat.com/errata/RHSA-2022:1539
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1540 https://access.redhat.com/errata/RHSA-2022:1540
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1644 https://access.redhat.com/errata/RHSA-2022:1644
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1643 https://access.redhat.com/errata/RHSA-2022:1643
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7811 https://access.redhat.com/errata/RHSA-2022:7811
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25235