Headline
RHSA-2022:6831: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-10-06
Updated:
2022-10-06
RHSA-2022:6831 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: expat security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for expat is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Expat is a C library for parsing XML documents.
Security Fix(es):
- expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
expat-2.2.5-4.el8_4.4.src.rpm
SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
x86_64
expat-2.2.5-4.el8_4.4.i686.rpm
SHA-256: d6d74506b1f563495d645e6b405260473cfad5ac41127a2cf454e0275f0dc194
expat-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 34a6f33da5d563e25079872da5b0da48fea1dae147c9f7973fe563c0634d5b71
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 2435b95cdd7c63816947582ee567e020312f735d1b70cdedea8ad6dfc20cfe51
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 37fd6910c48a78a4d93a0d3c10652678500a35299f3594e42b57b9d56bc53e53
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 2b28f8cc8aaa2de8e099c5d78b27f18972236caf2d86c120dc60007b3a77fb74
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: dab33e8453951c2838ac99a9c8e043fb08a6462084eddccc9289e814f72441e3
expat-devel-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 3f3fcc071e5502028e7264589ba1dcda9a287f30c59ff38a288a924d761b4bee
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 4c99b04fe990d609617cfbd58edf929648ce2fcb594f4247a22d8e5322f4aef7
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
expat-2.2.5-4.el8_4.4.src.rpm
SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
x86_64
expat-2.2.5-4.el8_4.4.i686.rpm
SHA-256: d6d74506b1f563495d645e6b405260473cfad5ac41127a2cf454e0275f0dc194
expat-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 34a6f33da5d563e25079872da5b0da48fea1dae147c9f7973fe563c0634d5b71
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 2435b95cdd7c63816947582ee567e020312f735d1b70cdedea8ad6dfc20cfe51
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 37fd6910c48a78a4d93a0d3c10652678500a35299f3594e42b57b9d56bc53e53
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 2b28f8cc8aaa2de8e099c5d78b27f18972236caf2d86c120dc60007b3a77fb74
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: dab33e8453951c2838ac99a9c8e043fb08a6462084eddccc9289e814f72441e3
expat-devel-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 3f3fcc071e5502028e7264589ba1dcda9a287f30c59ff38a288a924d761b4bee
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 4c99b04fe990d609617cfbd58edf929648ce2fcb594f4247a22d8e5322f4aef7
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4
SRPM
expat-2.2.5-4.el8_4.4.src.rpm
SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
s390x
expat-2.2.5-4.el8_4.4.s390x.rpm
SHA-256: bf4d6aa738b4ee56e592e4ff6d623566199ca8080960f011787d273498acfe88
expat-debuginfo-2.2.5-4.el8_4.4.s390x.rpm
SHA-256: 9e20dd5965b84a2e81b7fde8e4193df09be36fce623574ab0bdd71f1f17ff859
expat-debugsource-2.2.5-4.el8_4.4.s390x.rpm
SHA-256: ce34aa9a8f44bf17a959476c45a02db45c7747a9257d812d2850293c76201f3f
expat-devel-2.2.5-4.el8_4.4.s390x.rpm
SHA-256: 98913a8444058ce6279c089763948fd1797aefd8e550a917b690a69329e82c83
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
expat-2.2.5-4.el8_4.4.src.rpm
SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
ppc64le
expat-2.2.5-4.el8_4.4.ppc64le.rpm
SHA-256: 9d0e2af981600e995075a346434b52488b035a6b025e3525cc23a5f25a7e7be6
expat-debuginfo-2.2.5-4.el8_4.4.ppc64le.rpm
SHA-256: f5bd02d3520d21295e6c645d0f8147522fd49408c0f1ec690be28f50f9d2187b
expat-debugsource-2.2.5-4.el8_4.4.ppc64le.rpm
SHA-256: 37733f7a0e51e13843f7e8f92ceb3e971855b5046e6afe96b6c9117b15d4ce20
expat-devel-2.2.5-4.el8_4.4.ppc64le.rpm
SHA-256: 4fa846955f3bfa762e052de05d848f131b2ab3ae73fa8ab9d25487793929d499
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
expat-2.2.5-4.el8_4.4.src.rpm
SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
x86_64
expat-2.2.5-4.el8_4.4.i686.rpm
SHA-256: d6d74506b1f563495d645e6b405260473cfad5ac41127a2cf454e0275f0dc194
expat-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 34a6f33da5d563e25079872da5b0da48fea1dae147c9f7973fe563c0634d5b71
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 2435b95cdd7c63816947582ee567e020312f735d1b70cdedea8ad6dfc20cfe51
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 37fd6910c48a78a4d93a0d3c10652678500a35299f3594e42b57b9d56bc53e53
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 2b28f8cc8aaa2de8e099c5d78b27f18972236caf2d86c120dc60007b3a77fb74
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: dab33e8453951c2838ac99a9c8e043fb08a6462084eddccc9289e814f72441e3
expat-devel-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 3f3fcc071e5502028e7264589ba1dcda9a287f30c59ff38a288a924d761b4bee
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 4c99b04fe990d609617cfbd58edf929648ce2fcb594f4247a22d8e5322f4aef7
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
expat-2.2.5-4.el8_4.4.src.rpm
SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
aarch64
expat-2.2.5-4.el8_4.4.aarch64.rpm
SHA-256: b022366c2f943115438e39db3f1f74a9b5c67dfae5ba3431c99d97ca0358fc0c
expat-debuginfo-2.2.5-4.el8_4.4.aarch64.rpm
SHA-256: 74a095a65928a930e69ec4bc995255f98df8bb7bbb97d274aa6c896662cd8df7
expat-debugsource-2.2.5-4.el8_4.4.aarch64.rpm
SHA-256: a4597e9b2502705e7e4b21e0395508b8a52b9f03caf4b6cb9a1638b4b08d9fe9
expat-devel-2.2.5-4.el8_4.4.aarch64.rpm
SHA-256: 38f59a8b15ade35ff136514af162a6c36861bcee2acf0fd331633bffc6fd5786
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
expat-2.2.5-4.el8_4.4.src.rpm
SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
ppc64le
expat-2.2.5-4.el8_4.4.ppc64le.rpm
SHA-256: 9d0e2af981600e995075a346434b52488b035a6b025e3525cc23a5f25a7e7be6
expat-debuginfo-2.2.5-4.el8_4.4.ppc64le.rpm
SHA-256: f5bd02d3520d21295e6c645d0f8147522fd49408c0f1ec690be28f50f9d2187b
expat-debugsource-2.2.5-4.el8_4.4.ppc64le.rpm
SHA-256: 37733f7a0e51e13843f7e8f92ceb3e971855b5046e6afe96b6c9117b15d4ce20
expat-devel-2.2.5-4.el8_4.4.ppc64le.rpm
SHA-256: 4fa846955f3bfa762e052de05d848f131b2ab3ae73fa8ab9d25487793929d499
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
expat-2.2.5-4.el8_4.4.src.rpm
SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
x86_64
expat-2.2.5-4.el8_4.4.i686.rpm
SHA-256: d6d74506b1f563495d645e6b405260473cfad5ac41127a2cf454e0275f0dc194
expat-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 34a6f33da5d563e25079872da5b0da48fea1dae147c9f7973fe563c0634d5b71
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 2435b95cdd7c63816947582ee567e020312f735d1b70cdedea8ad6dfc20cfe51
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 37fd6910c48a78a4d93a0d3c10652678500a35299f3594e42b57b9d56bc53e53
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 2b28f8cc8aaa2de8e099c5d78b27f18972236caf2d86c120dc60007b3a77fb74
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: dab33e8453951c2838ac99a9c8e043fb08a6462084eddccc9289e814f72441e3
expat-devel-2.2.5-4.el8_4.4.i686.rpm
SHA-256: 3f3fcc071e5502028e7264589ba1dcda9a287f30c59ff38a288a924d761b4bee
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm
SHA-256: 4c99b04fe990d609617cfbd58edf929648ce2fcb594f4247a22d8e5322f4aef7
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.
When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107.
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...
An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3515: libksba: integer overflow may lead to remote code execution * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code * CVE-2022-40674: ex...
An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays...
Red Hat Security Advisory 2022-6882-01 - Openshift Logging 5.3.13 security and bug fix release.
Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2022-7261-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-7019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7022-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6995-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
Red Hat Security Advisory 2022-6967-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for compat-expat1 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for expat is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
Red Hat Security Advisory 2022-6838-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6831-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6832-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6833-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
An update for expat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for expat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for expat is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for expat is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
Gentoo Linux Security Advisory 202209-24 - Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Versions less than 2.4.9 are affected.
Ubuntu Security Notice 5638-1 - Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.