Debian Bug report logs -
#1005894
expat: CVE-2022-25235
Package:
src:expat;
Maintainer for src:expat is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 16 Feb 2022 21:39:01 UTC
Severity: grave
Tags: security, upstream
Found in version expat/244-1
Forwa ...
Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed
For the oldstable distribution (buster), these problems have been fixed
in version 226-2+deb10u3
For the stable distribution (bullseye), the ...
A flaw was found in expat Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution This issue is dependent on how invalid UTF-8 is handled inside the XML processor (CVE-2022-25235) ...
A flaw was found in expat Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution This issue is dependent on how invalid UTF-8 is handled inside the XML processor (CVE-2022-25235)
A flaw was found in expat Passing one or more names ...
xmltok_implc in Expat (aka libexpat) before 245 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context ...
A flaw was found in expat Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution This issue is dependent on how invalid UTF-8 is handled inside the XML processor (CVE-2022-25235) ...
A flaw was found in expat Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution This issue is dependent on how invalid UTF-8 is handled inside the XML processor (CVE-2022-25235)
A flaw was found in expat Passing one or more names ...
A flaw was found in Thunderbird The vulnerability occurs due to an out-of-bounds write of one byte when processing the message This flaw allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write (CVE-2022-0566)
A flaw was found in expat Passing malformed 2- and 3-byte UTF-8 sequences (for example, fr ...
Synopsis
Important: Red Hat Virtualization Host security and enhancement update [ovirt-4410] Async #2
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for redhat-release-virtualization-host and redhat-virtualiz ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as h ...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for firefox is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has rated ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product ...
Synopsis
Important: expat security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for expat is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a secu ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift GitOps 14OpenShift GitOps v144Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 12 (GitOps v123)Re ...
Synopsis
Important: expat security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for expat is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Security ha ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security ...
Synopsis
Important: expat security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for expat is now available for Red Hat Enterprise Linux 6 Extended Lifecycle SupportRed Hat Product Security has rated t ...
Synopsis
Critical: firefox security and bug fix update
Type/Severity
Security Advisory: Critical
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...
Synopsis
Important: xmlrpc-c security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has ra ...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for firefox is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rated ...
Synopsis
Important: expat security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for expat is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has rated th ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as h ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security ...
Synopsis
Important: xmlrpc-c security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has ra ...
Synopsis
Important: xmlrpc-c security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Secur ...
Synopsis
Important: expat security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for expat is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rated th ...
Synopsis
Important: xmlrpc-c security update
Type/Severity
Security Advisory: Important
Topic
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity r ...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for firefox is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Security ...
Synopsis
Moderate: OpenShift Container Platform 4657 security and extras update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4657 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...
Synopsis
Important: RHV-H security update (redhat-virtualization-host) 4322
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for redhat-release-virtualization-host and redhat-virtualization-host is now availabl ...
Synopsis
Moderate: Red Hat OpenShift Service Mesh 2121 containers security update
Type/Severity
Security Advisory: Moderate
Topic
An update for is now available for OpenShift Service Mesh 21Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis
Moderate: OpenShift Virtualization 4101 Images security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Virtualization release 4101 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a securit ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2451 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2451 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 171 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 171 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift GitOps 13OpenShift GitOps v136 for OCP 47+Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Synopsis
Low: Release of OpenShift Serverless Version 1220
Type/Severity
Security Advisory: Low
Topic
OpenShift Serverless version 1220 contains a moderate security impactThe References section contains CVE links providing detailed severity ratings for each vulnerability Ratings are based on a Common Vulnerability Scoring System (CVSS) ...
Synopsis
Important: mingw-expat security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for mingw-expat is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as h ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 243 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 243 General Availability release images This update provides security fixes, bug fixes, and updates the container imagesRed Hat Product Security has ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 154 security update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 154 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score, whichg ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 238 security and container updates
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 238 GeneralAvailability release images, which provide security and container updatesRed Hat Product Security has rated this update as having a securit ...
A flaw was found in expat Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution This issue is dependent on how invalid UTF-8 is handled inside the XML processor (CVE-2022-25235) ...
ALAS-2022-232
Amazon Linux 2022 Security Advisory: ALAS-2022-232
Advisory Release Date: 2022-12-06 16:43 Pacific
...