ID

VAR-202202-0163

CVE

CVE-2022-25313

TITLE

Expat Resource Management Error Vulnerability

DESCRIPTION

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint 2042652 - Unable to deploy hw-event-proxy operator 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2047308 - Remove metrics and events for master port offsets 2055049 - No pre-caching for NFD images 2055436 - nfd-master tracking the wrong api group 2055439 - nfd-master tracking the wrong api group (operand) 2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules 2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag 2062849 - hw event proxy is not binding on ipv6 local address 2066860 - Wrong spec in NFD documentation under `operand` 2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2067312 - PPT event source is lost when received by the consumer 2077243 - NFD os release label lost after upgrade to ocp 4.10.6 2087511 - NFD SkipRange is wrong causing OLM install problems 2089962 - Node feature Discovery operator installation failed. 2090774 - Add Readme to plugin directory 2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. Summary: OpenShift API for Data Protection (OADP) 1.0.4 is now available. Description: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security fix: * CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS Bug fixes: * Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856) * RHACM 2.3.12 images (BZ# 2101411) 3. Bugs fixed (https://bugzilla.redhat.com/): 2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 5. ========================================================================== Ubuntu Security Notice USN-5320-1 March 10, 2022 expat vulnerabilities and regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues and a regression were fixed in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315) Original advisory details: It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: libexpat1 2.4.1-2ubuntu0.3 Ubuntu 20.04 LTS: libexpat1 2.2.9-1ubuntu0.4 Ubuntu 18.04 LTS: libexpat1 2.2.5-3ubuntu0.7 Ubuntu 16.04 ESM: lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5 libexpat1 2.1.0-7ubuntu0.16.04.5+esm5 Ubuntu 14.04 ESM: lib64expat1 2.1.0-4ubuntu1.4+esm6 libexpat1 2.1.0-4ubuntu1.4+esm6 In general, a standard system update will make all the necessary changes. 8) - noarch 3. The mingw-expat packages provide a port of the Expat library for MinGW. The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key 2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key 2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key 2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. Bugs fixed (https://bugzilla.redhat.com/): 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: expat security update Advisory ID: RHSA-2022:5244-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5244 Issue date: 2022-06-28 CVE Names: CVE-2022-25313 CVE-2022-25314 ==================================================================== 1. Summary: An update for expat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: Expat is a C library for parsing XML documents. Security Fix(es): * expat: stack exhaustion in doctype parsing (CVE-2022-25313) * expat: integer overflow in copyString() (CVE-2022-25314) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, applications using the Expat library must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: integer overflow in copyString() 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): aarch64: expat-debuginfo-2.2.10-12.el9_0.2.aarch64.rpm expat-debugsource-2.2.10-12.el9_0.2.aarch64.rpm expat-devel-2.2.10-12.el9_0.2.aarch64.rpm ppc64le: expat-debuginfo-2.2.10-12.el9_0.2.ppc64le.rpm expat-debugsource-2.2.10-12.el9_0.2.ppc64le.rpm expat-devel-2.2.10-12.el9_0.2.ppc64le.rpm s390x: expat-debuginfo-2.2.10-12.el9_0.2.s390x.rpm expat-debugsource-2.2.10-12.el9_0.2.s390x.rpm expat-devel-2.2.10-12.el9_0.2.s390x.rpm x86_64: expat-debuginfo-2.2.10-12.el9_0.2.i686.rpm expat-debuginfo-2.2.10-12.el9_0.2.x86_64.rpm expat-debugsource-2.2.10-12.el9_0.2.i686.rpm expat-debugsource-2.2.10-12.el9_0.2.x86_64.rpm expat-devel-2.2.10-12.el9_0.2.i686.rpm expat-devel-2.2.10-12.el9_0.2.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 9): Source: expat-2.2.10-12.el9_0.2.src.rpm aarch64: expat-2.2.10-12.el9_0.2.aarch64.rpm expat-debuginfo-2.2.10-12.el9_0.2.aarch64.rpm expat-debugsource-2.2.10-12.el9_0.2.aarch64.rpm ppc64le: expat-2.2.10-12.el9_0.2.ppc64le.rpm expat-debuginfo-2.2.10-12.el9_0.2.ppc64le.rpm expat-debugsource-2.2.10-12.el9_0.2.ppc64le.rpm s390x: expat-2.2.10-12.el9_0.2.s390x.rpm expat-debuginfo-2.2.10-12.el9_0.2.s390x.rpm expat-debugsource-2.2.10-12.el9_0.2.s390x.rpm x86_64: expat-2.2.10-12.el9_0.2.i686.rpm expat-2.2.10-12.el9_0.2.x86_64.rpm expat-debuginfo-2.2.10-12.el9_0.2.i686.rpm expat-debuginfo-2.2.10-12.el9_0.2.x86_64.rpm expat-debugsource-2.2.10-12.el9_0.2.i686.rpm expat-debugsource-2.2.10-12.el9_0.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYr6V2tzjgjWX9erEAQhx2BAApcJi2EvcUkiTKbkRqHYQEu+aGBlMy0m0 FwD5XuL/DWKDz2EVTOTOlBsWzMpFijbpe8F/+Esi1airKxvG5fUNJ1kLxEnvAwxI ndZfHNjwURLNlrvYASazjCAwkxai4pI9M/YaUXRv4nRbjgsQWww0nbamsbRsGjUx PO+4DDTvFG8tu579I0OWSWUuq6q1l2keKGdIKH/q2PXeMZj4GUcsUP7grwtrMzGb PsWw9vAcaOls6ukllEoLgJHwYgHX+zxiG58S2x7UqwnEo7sK8F1YgEcAu3daWtDv duT3QpFHZzwL74ImfyPGnqxOFz0IeotLPZTdPyYA5uTqvXcvhnjVignyOER5x3Ll xvwQwjmEJ7rUX4TJS5irpEN98+Rz8CZRgUkTpjxuEGWpoAKNovHGGVaCdifPaeBF ZvqPDfSzaHPHDnvkpuNkiin3Xr0OznZRLMMQe8+H/YDax4oza+KTsyJ6//QvaDxA C2p6EApD4d1PFV7fMN5cX1VI1mHvTwBXqzjjrBIVkyQuDlqWzdc0Nu4LgfOysMEM ZfPUDWZeGc/uKuTbG8iKnfqQR1KMo2A0doOMPVcg7YWwe3y/uNBWrwmo6xYLwnug /3Uknknm+JWXEhcdKnim6NgkJSZ7qNl+iy9cyYPGLFYfr61DnsLsnf/MtMZa0BZn L4f1Gjmc9Io=jvNX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-02-20T20:43:54.572000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE