-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: expat security update
Advisory ID: RHSA-2022:5314-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5314
Issue date: 2022-06-28
CVE Names: CVE-2022-25313 CVE-2022-25314
=====================================================================
1. Summary:
An update for expat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: stack exhaustion in doctype parsing (CVE-2022-25313)
* expat: integer overflow in copyString() (CVE-2022-25314)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, applications using the Expat library
must be restarted for the update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing
2056354 - CVE-2022-25314 expat: integer overflow in copyString()
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
expat-2.2.5-8.el8_6.2.src.rpm
aarch64:
expat-2.2.5-8.el8_6.2.aarch64.rpm
expat-debuginfo-2.2.5-8.el8_6.2.aarch64.rpm
expat-debugsource-2.2.5-8.el8_6.2.aarch64.rpm
expat-devel-2.2.5-8.el8_6.2.aarch64.rpm
ppc64le:
expat-2.2.5-8.el8_6.2.ppc64le.rpm
expat-debuginfo-2.2.5-8.el8_6.2.ppc64le.rpm
expat-debugsource-2.2.5-8.el8_6.2.ppc64le.rpm
expat-devel-2.2.5-8.el8_6.2.ppc64le.rpm
s390x:
expat-2.2.5-8.el8_6.2.s390x.rpm
expat-debuginfo-2.2.5-8.el8_6.2.s390x.rpm
expat-debugsource-2.2.5-8.el8_6.2.s390x.rpm
expat-devel-2.2.5-8.el8_6.2.s390x.rpm
x86_64:
expat-2.2.5-8.el8_6.2.i686.rpm
expat-2.2.5-8.el8_6.2.x86_64.rpm
expat-debuginfo-2.2.5-8.el8_6.2.i686.rpm
expat-debuginfo-2.2.5-8.el8_6.2.x86_64.rpm
expat-debugsource-2.2.5-8.el8_6.2.i686.rpm
expat-debugsource-2.2.5-8.el8_6.2.x86_64.rpm
expat-devel-2.2.5-8.el8_6.2.i686.rpm
expat-devel-2.2.5-8.el8_6.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-25313
https://access.redhat.com/security/cve/CVE-2022-25314
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <[email protected]>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYr5BkNzjgjWX9erEAQhTsg/9G4U87rN01i0sWtde93EZfYTo4j6Yt2BN
MkmJekPvfOS5Ee7O+UOglBwVtCICPXQ0cQ5CZbSj91epBqhkuCNfroqtoClnLLtO
toPlSKt4mTNbtpletT0d3/sr7xnPKh0Zj0XhtM73fLTdyKoDaLrvay1uRpSvxRGw
7KHPoxRe2Jw6i56BmFoLIcDc03Rhtgouv7lKKbt9jleqYEbwGvazctIa+EI/8cX8
3NutPeAi9PmI5R87NU+NM57lIUmONH6+Skjn/IR33bNDVF3zxppEt8DE8snqfsjV
yiFZOtPLqRJUNLTQyAZZpi9HKyL5Jx/l+UJWmhuZeKXyjXZSi/BuQL2RZvUan7YO
n5WV1m/VbAqIZ08Lu/DQvDbAy5ImrcyqYxFERa8SwbJ/piTm2tqU2ajKHj2HB5X8
Qk1yUz2x7LG8tf/PJ5FmPWv3wKPa+WgCDtzopv4RnR5UIvtJfeH2eVhCNTwGq2o8
RQCDVXY7TPcoLFLFF/9kSY2JPS6hoTg7YVo4yEAfdU5B/IEFaKS/vgDcW6pEDKbz
uXB8FP+i5yKlJKrrhDYLQi4WpTYvp3V7kmEUanfY9W0zln+WlkBoQR/ww0vzwwbT
6H/7stUjRJXqRtQBl0B7pjs/piYV5pdUzp+BWkCIVETFqAInrMJsisWpQ/tElDl5
+NQx9VKG2c0=
=IlFo
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
