MGASA-2022-0081 - Updated expat packages fix security vulnerability

Publication date: 22 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0081.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-25235,
     CVE-2022-25236,
     CVE-2022-25313,
     CVE-2022-25314,
     CVE-2022-25315

Passing malformed 2- and 3-byte UTF-8 sequences (e.g. from start tag names)
to the XML processing application on top of Expat can cause arbitrary
damage (e.g. code execution) depending on how invalid UTF-8 is handled
inside the XML processor; validation was not their job but Expat's.
Exploits with code execution are known to exist. (CVE-2022-25235)

Passing (one or more) namespace separator characters in "xmlns[:prefix]"
attribute values made Expat send malformed tag names to the XML processor
on top of Expat which can cause arbitrary damage (e.g. code execution)
depending on such unexpectable cases are handled inside the XML processor;
validation was not their job but Expat's. Exploits with code execution
are known to exist. (CVE-2022-25236)

Fix stack exhaustion in doctype parsing that could be triggered by e.g. a
2 megabytes file with a large number of opening braces. Expected impact
is denial of service or potentially arbitrary code execution.
(CVE-2022-25313)

Fix integer overflow in function copyString;  only affects the encoding
name parameter at parser creation time which is often hardcoded (rather
than user input), takes a value in the gigabytes to trigger, and a 64-bit
machine.  Expected impact is denial of service. (CVE-2022-25314)

Fix integer overflow in function storeRawNames; needs input in the
gigabytes and a 64-bit machine. Expected impact is denial of service or
potentially arbitrary code execution. (CVE-2022-25315)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30070
- https://seclists.org/oss-sec/2022/q1/150
- https://ubuntu.com/security/notices/USN-5288-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315

SRPMS:
- 8/core/expat-2.2.10-1.3.mga8

Mageia 2022-0081: expat security update

Passing malformed 2- and 3-byte UTF-8 sequences (e.g

Summary

Passing malformed 2- and 3-byte UTF-8 sequences (e.g. from start tag names) to the XML processing application on top of Expat can cause arbitrary damage (e.g. code execution) depending on how invalid UTF-8 is handled inside the XML processor; validation was not their job but Expat's. Exploits with code execution are known to exist. (CVE-2022-25235)
Passing (one or more) namespace separator characters in "xmlns[:prefix]" attribute values made Expat send malformed tag names to the XML processor on top of Expat which can cause arbitrary damage (e.g. code execution) depending on such unexpectable cases are handled inside the XML processor; validation was not their job but Expat's. Exploits with code execution are known to exist. (CVE-2022-25236)
Fix stack exhaustion in doctype parsing that could be triggered by e.g. a 2 megabytes file with a large number of opening braces. Expected impact is denial of service or potentially arbitrary code execution. (CVE-2022-25313)
Fix integer overflow in function copyString; only affects the encoding name parameter at parser creation time which is often hardcoded (rather than user input), takes a value in the gigabytes to trigger, and a 64-bit machine. Expected impact is denial of service. (CVE-2022-25314)
Fix integer overflow in function storeRawNames; needs input in the gigabytes and a 64-bit machine. Expected impact is denial of service or potentially arbitrary code execution. (CVE-2022-25315)

References

- https://bugs.mageia.org/show_bug.cgi?id=30070

- https://seclists.org/oss-sec/2022/q1/150

- https://ubuntu.com/security/notices/USN-5288-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315

Resolution

MGASA-2022-0081 - Updated expat packages fix security vulnerability

SRPMS

- 8/core/expat-2.2.10-1.3.mga8

Severity
Publication date: 22 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0081.html
Type: security
CVE: CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved