Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:7025: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm#firefox#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-10-18

Updated:

2022-10-18

RHSA-2022:7025 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

  • expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

firefox-102.3.0-7.el8_4.src.rpm

SHA-256: 29301860911d8a43f5540ab4deb1b9b5a277d544ac06c26f5c6aa2e6c419a4b8

x86_64

firefox-102.3.0-7.el8_4.x86_64.rpm

SHA-256: 0e9e5a7eb6f3167ec5c99be1965b64976dc06d4e10b556faf15dbe220c9a19d0

firefox-debuginfo-102.3.0-7.el8_4.x86_64.rpm

SHA-256: ad330ac19a1b847522e43c5785283fc5f8c9b2ae69a7bfa9e6aa1bbe3758ddee

firefox-debugsource-102.3.0-7.el8_4.x86_64.rpm

SHA-256: 3d4fd4928209ee28f2f3cc666eca9ed480d7015f0c13338d46a314946fdee1b0

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

firefox-102.3.0-7.el8_4.src.rpm

SHA-256: 29301860911d8a43f5540ab4deb1b9b5a277d544ac06c26f5c6aa2e6c419a4b8

x86_64

firefox-102.3.0-7.el8_4.x86_64.rpm

SHA-256: 0e9e5a7eb6f3167ec5c99be1965b64976dc06d4e10b556faf15dbe220c9a19d0

firefox-debuginfo-102.3.0-7.el8_4.x86_64.rpm

SHA-256: ad330ac19a1b847522e43c5785283fc5f8c9b2ae69a7bfa9e6aa1bbe3758ddee

firefox-debugsource-102.3.0-7.el8_4.x86_64.rpm

SHA-256: 3d4fd4928209ee28f2f3cc666eca9ed480d7015f0c13338d46a314946fdee1b0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM

firefox-102.3.0-7.el8_4.src.rpm

SHA-256: 29301860911d8a43f5540ab4deb1b9b5a277d544ac06c26f5c6aa2e6c419a4b8

s390x

firefox-102.3.0-7.el8_4.s390x.rpm

SHA-256: eca4ce6b555b0a4d84dcd7f7650d1090194c973d215f4527117415e0423a93cf

firefox-debuginfo-102.3.0-7.el8_4.s390x.rpm

SHA-256: f761ea73b6ed2b304d03d8392b26ba167b178f62722cc8d12e8862814dfef37c

firefox-debugsource-102.3.0-7.el8_4.s390x.rpm

SHA-256: 5fa2a21a8d3eba786e9204b38945f62e6b998f95181f92188c750c20ece26a05

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM

firefox-102.3.0-7.el8_4.src.rpm

SHA-256: 29301860911d8a43f5540ab4deb1b9b5a277d544ac06c26f5c6aa2e6c419a4b8

ppc64le

firefox-102.3.0-7.el8_4.ppc64le.rpm

SHA-256: c8db09f9b30e3375274775ed35ddaa48036bd90eced9503d36a572c5fd1cfd64

firefox-debuginfo-102.3.0-7.el8_4.ppc64le.rpm

SHA-256: 75f29a83c9a70d0b09d7705dc1702440c60339188da01d7de9f476c2a21204e0

firefox-debugsource-102.3.0-7.el8_4.ppc64le.rpm

SHA-256: bc82f1663b97b079d29644d67e4088dc05374ab1ecf300f679d5d798b98bb666

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

firefox-102.3.0-7.el8_4.src.rpm

SHA-256: 29301860911d8a43f5540ab4deb1b9b5a277d544ac06c26f5c6aa2e6c419a4b8

x86_64

firefox-102.3.0-7.el8_4.x86_64.rpm

SHA-256: 0e9e5a7eb6f3167ec5c99be1965b64976dc06d4e10b556faf15dbe220c9a19d0

firefox-debuginfo-102.3.0-7.el8_4.x86_64.rpm

SHA-256: ad330ac19a1b847522e43c5785283fc5f8c9b2ae69a7bfa9e6aa1bbe3758ddee

firefox-debugsource-102.3.0-7.el8_4.x86_64.rpm

SHA-256: 3d4fd4928209ee28f2f3cc666eca9ed480d7015f0c13338d46a314946fdee1b0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM

firefox-102.3.0-7.el8_4.src.rpm

SHA-256: 29301860911d8a43f5540ab4deb1b9b5a277d544ac06c26f5c6aa2e6c419a4b8

aarch64

firefox-102.3.0-7.el8_4.aarch64.rpm

SHA-256: 70be877b5bb43bfd10548e5021a087d725309051c12469e15c9f6ce139007abd

firefox-debuginfo-102.3.0-7.el8_4.aarch64.rpm

SHA-256: e682139b1123163ee57f3811cffa44ab3c1a5f8e672d2c5608e0ad5e269b9dc2

firefox-debugsource-102.3.0-7.el8_4.aarch64.rpm

SHA-256: 23086b37371964243128542329a2f5a2308f66ca48dcbfa3bd40bd5de382ee7c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

firefox-102.3.0-7.el8_4.src.rpm

SHA-256: 29301860911d8a43f5540ab4deb1b9b5a277d544ac06c26f5c6aa2e6c419a4b8

ppc64le

firefox-102.3.0-7.el8_4.ppc64le.rpm

SHA-256: c8db09f9b30e3375274775ed35ddaa48036bd90eced9503d36a572c5fd1cfd64

firefox-debuginfo-102.3.0-7.el8_4.ppc64le.rpm

SHA-256: 75f29a83c9a70d0b09d7705dc1702440c60339188da01d7de9f476c2a21204e0

firefox-debugsource-102.3.0-7.el8_4.ppc64le.rpm

SHA-256: bc82f1663b97b079d29644d67e4088dc05374ab1ecf300f679d5d798b98bb666

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

firefox-102.3.0-7.el8_4.src.rpm

SHA-256: 29301860911d8a43f5540ab4deb1b9b5a277d544ac06c26f5c6aa2e6c419a4b8

x86_64

firefox-102.3.0-7.el8_4.x86_64.rpm

SHA-256: 0e9e5a7eb6f3167ec5c99be1965b64976dc06d4e10b556faf15dbe220c9a19d0

firefox-debuginfo-102.3.0-7.el8_4.x86_64.rpm

SHA-256: ad330ac19a1b847522e43c5785283fc5f8c9b2ae69a7bfa9e6aa1bbe3758ddee

firefox-debugsource-102.3.0-7.el8_4.x86_64.rpm

SHA-256: 3d4fd4928209ee28f2f3cc666eca9ed480d7015f0c13338d46a314946fdee1b0

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:8609: Red Hat Security Advisory: OpenShift Virtualization 4.9.7 Images security update

Red Hat OpenShift Virtualization release 4.9.7 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key

Red Hat Security Advisory 2022-7435-01

Red Hat Security Advisory 2022-7435-01 - An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Issues addressed include a denial of service vulnerability.

RHSA-2022:6882: Red Hat Security Advisory: Openshift Logging 5.3.13 security and bug fix release

An update is now available for OpenShift Logging 5.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

RHSA-2022:7313: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-25887: sanitize-html: insecure global regular expression replacement logic may lead to ReDoS * CVE-2022-25896: passport: incorrect ses...

RHSA-2022:7276: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers * CVE-2022-35949: n...

Red Hat Security Advisory 2022-6905-01

Red Hat Security Advisory 2022-6905-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.50. Issues addressed include a code execution vulnerability.

RHSA-2022:7058: Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

Red Hat Security Advisory 2022-7020-01

Red Hat Security Advisory 2022-7020-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7024-01

Red Hat Security Advisory 2022-7024-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6996-01

Red Hat Security Advisory 2022-6996-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

RHSA-2022:7024: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c

RHSA-2022:7020: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c

RHSA-2022:7019: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c

RHSA-2022:7021: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c

Red Hat Security Advisory 2022-6967-01

Red Hat Security Advisory 2022-6967-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

RHSA-2022:6998: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c

Red Hat Security Advisory 2022-6921-01

Red Hat Security Advisory 2022-6921-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

RHSA-2022:6921: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c

RHSA-2022:6878: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c

Red Hat Security Advisory 2022-6838-01

Red Hat Security Advisory 2022-6838-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6831-01

Red Hat Security Advisory 2022-6831-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6832-01

Red Hat Security Advisory 2022-6832-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

RHSA-2022:6832: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c

Ubuntu Security Notice USN-5638-1

Ubuntu Security Notice 5638-1 - Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.