RedHat: RHSA-2022-1539:01 Important: xmlrpc-c security update | Lin...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xmlrpc-c security update
Advisory ID:       RHSA-2022:1539-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1539
Issue date:        2022-04-26
CVE Names:         CVE-2022-25235 
=====================================================================

1. Summary:

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.1
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode
its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide
a network protocol to allow a client program to make a simple RPC (remote
procedure call) over the Internet. It converts an RPC into an XML document,
sends it to a remote server using HTTP, and gets back the response in XML.

Security Fix(es):

* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code
execution (CVE-2022-25235)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:
xmlrpc-c-1.51.0-5.el8_1.1.src.rpm

aarch64:
xmlrpc-c-1.51.0-5.el8_1.1.aarch64.rpm
xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm
xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm
xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm
xmlrpc-c-client-1.51.0-5.el8_1.1.aarch64.rpm
xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm
xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm
xmlrpc-c-debugsource-1.51.0-5.el8_1.1.aarch64.rpm

ppc64le:
xmlrpc-c-1.51.0-5.el8_1.1.ppc64le.rpm
xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm
xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm
xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm
xmlrpc-c-client-1.51.0-5.el8_1.1.ppc64le.rpm
xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm
xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm
xmlrpc-c-debugsource-1.51.0-5.el8_1.1.ppc64le.rpm

s390x:
xmlrpc-c-1.51.0-5.el8_1.1.s390x.rpm
xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.s390x.rpm
xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.s390x.rpm
xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.s390x.rpm
xmlrpc-c-client-1.51.0-5.el8_1.1.s390x.rpm
xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.s390x.rpm
xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.s390x.rpm
xmlrpc-c-debugsource-1.51.0-5.el8_1.1.s390x.rpm

x86_64:
xmlrpc-c-1.51.0-5.el8_1.1.i686.rpm
xmlrpc-c-1.51.0-5.el8_1.1.x86_64.rpm
xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.i686.rpm
xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm
xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.i686.rpm
xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm
xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.i686.rpm
xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm
xmlrpc-c-client-1.51.0-5.el8_1.1.i686.rpm
xmlrpc-c-client-1.51.0-5.el8_1.1.x86_64.rpm
xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.i686.rpm
xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm
xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.i686.rpm
xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm
xmlrpc-c-debugsource-1.51.0-5.el8_1.1.i686.rpm
xmlrpc-c-debugsource-1.51.0-5.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYmga8dzjgjWX9erEAQgapw//XhcvNxYnp6Qtm/aJepfUAUEL5c3eXy4d
u9bXtLD3mLIyJH6K698F74TxK8uIeC00t0jw/M5y57YORd+bMt13H1bgKf3DCBw7
G8MHTwWhwhT1ex8jJo3TcG05+ounKqs70J+MtlpxDNOpUEpbX8mDsWE53SYeYr76
l/ibI229I/nJO8vboz/Qmg3vcTI+k8iGJNnqVN2THRtgUXfZ4CnbNFzKe3x1VX8b
uttEBxp6tOnXjqLJ4XCeywJbA1ef44nvD6BhIznxZ2MfUEgRBdLM63AcTzTFk8Ie
2slI9OfBtCVaJV9UnQxrrY12nY1RS6Vjp//NqhEMxEYcq2XozBLMXMitrHdXPwb7
rB8KUdtTdv7caHVWb6l94eOrTM8qAA6wgkQ8DYvzX+5CWj7cHSQUcduBp4OdL6b+
p4skOpKWVgQUgxvoEknT9wLuUzzD7hqoQbPTGxRtgBD4dAvWAKO+jAcHWcLtS/dw
R537E4emI7BvPVXoT6OeLN9u8cr+0/nJIdB5JZwLqx2vQ+nkl5k0nyVDvIr2R6Cy
yrFF0nZWDpKWD28TtlKZsa9NQe/YRPSbmrEW1fLD+NudzhuLQZcNb7/sRKZEuxv1
kXArqwtv1pU3+EUM70nvmmRRb2KH2a9983S4HfTb129fcSgXeglYIekTVHA3jARH
rbuSYb0t5Ew=
=NpRA
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-1539:01 Important: xmlrpc-c security update

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Summary

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):
Source: xmlrpc-c-1.51.0-5.el8_1.1.src.rpm
aarch64: xmlrpc-c-1.51.0-5.el8_1.1.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm xmlrpc-c-client-1.51.0-5.el8_1.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_1.1.aarch64.rpm
ppc64le: xmlrpc-c-1.51.0-5.el8_1.1.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm xmlrpc-c-client-1.51.0-5.el8_1.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_1.1.ppc64le.rpm
s390x: xmlrpc-c-1.51.0-5.el8_1.1.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.s390x.rpm xmlrpc-c-client-1.51.0-5.el8_1.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_1.1.s390x.rpm
x86_64: xmlrpc-c-1.51.0-5.el8_1.1.i686.rpm xmlrpc-c-1.51.0-5.el8_1.1.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm xmlrpc-c-client-1.51.0-5.el8_1.1.i686.rpm xmlrpc-c-client-1.51.0-5.el8_1.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_1.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_1.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2022:1539-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1539
Issued Date: : 2022-04-26
CVE Names: CVE-2022-25235

Topic

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.1Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.