ID

VAR-202202-0050

CVE

CVE-2022-25235

TITLE

Red Hat Security Advisory 2022-1039-01

DESCRIPTION

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Expat is a fast streaming XML parser written in C. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security and bug fix update Advisory ID: RHSA-2022:0824-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0824 Issue date: 2022-03-10 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): * Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) * Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * Mozilla: Use-after-free in text reflows (CVE-2022-26381) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383) * Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384) * Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387) * Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm ppc64: firefox-91.7.0-3.el7_9.ppc64.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm ppc64le: firefox-91.7.0-3.el7_9.ppc64le.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm s390x: firefox-91.7.0-3.el7_9.s390x.rpm firefox-debuginfo-91.7.0-3.el7_9.s390x.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz 8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S PzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R 2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf ew6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9 SUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM 14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93 vs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL c8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky zEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x Lu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+ bKcbZLzdIk8= =OOuA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - ppc64le, x86_64 3. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2010934 - CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat 2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c 2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c 2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c 2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c 2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c 2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c 2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c 2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer 2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function 2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: integer overflow in copyString() 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 6

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

overflow, code execution

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-11-07T20:14:36.494000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE