Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2022:6831 - Security Advisory
Issued:
2022-10-06
Updated:
2022-10-06

RHSA-2022:6831 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: expat security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for expat is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Expat is a C library for parsing XML documents.

Security Fix(es):

  • expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

CVEs

  • CVE-2022-40674

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
expat-2.2.5-4.el8_4.4.src.rpm SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
x86_64
expat-2.2.5-4.el8_4.4.i686.rpm SHA-256: d6d74506b1f563495d645e6b405260473cfad5ac41127a2cf454e0275f0dc194
expat-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 34a6f33da5d563e25079872da5b0da48fea1dae147c9f7973fe563c0634d5b71
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm SHA-256: 2435b95cdd7c63816947582ee567e020312f735d1b70cdedea8ad6dfc20cfe51
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 37fd6910c48a78a4d93a0d3c10652678500a35299f3594e42b57b9d56bc53e53
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm SHA-256: 2b28f8cc8aaa2de8e099c5d78b27f18972236caf2d86c120dc60007b3a77fb74
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: dab33e8453951c2838ac99a9c8e043fb08a6462084eddccc9289e814f72441e3
expat-devel-2.2.5-4.el8_4.4.i686.rpm SHA-256: 3f3fcc071e5502028e7264589ba1dcda9a287f30c59ff38a288a924d761b4bee
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 4c99b04fe990d609617cfbd58edf929648ce2fcb594f4247a22d8e5322f4aef7

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
expat-2.2.5-4.el8_4.4.src.rpm SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
x86_64
expat-2.2.5-4.el8_4.4.i686.rpm SHA-256: d6d74506b1f563495d645e6b405260473cfad5ac41127a2cf454e0275f0dc194
expat-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 34a6f33da5d563e25079872da5b0da48fea1dae147c9f7973fe563c0634d5b71
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm SHA-256: 2435b95cdd7c63816947582ee567e020312f735d1b70cdedea8ad6dfc20cfe51
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 37fd6910c48a78a4d93a0d3c10652678500a35299f3594e42b57b9d56bc53e53
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm SHA-256: 2b28f8cc8aaa2de8e099c5d78b27f18972236caf2d86c120dc60007b3a77fb74
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: dab33e8453951c2838ac99a9c8e043fb08a6462084eddccc9289e814f72441e3
expat-devel-2.2.5-4.el8_4.4.i686.rpm SHA-256: 3f3fcc071e5502028e7264589ba1dcda9a287f30c59ff38a288a924d761b4bee
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 4c99b04fe990d609617cfbd58edf929648ce2fcb594f4247a22d8e5322f4aef7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
expat-2.2.5-4.el8_4.4.src.rpm SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
s390x
expat-2.2.5-4.el8_4.4.s390x.rpm SHA-256: bf4d6aa738b4ee56e592e4ff6d623566199ca8080960f011787d273498acfe88
expat-debuginfo-2.2.5-4.el8_4.4.s390x.rpm SHA-256: 9e20dd5965b84a2e81b7fde8e4193df09be36fce623574ab0bdd71f1f17ff859
expat-debugsource-2.2.5-4.el8_4.4.s390x.rpm SHA-256: ce34aa9a8f44bf17a959476c45a02db45c7747a9257d812d2850293c76201f3f
expat-devel-2.2.5-4.el8_4.4.s390x.rpm SHA-256: 98913a8444058ce6279c089763948fd1797aefd8e550a917b690a69329e82c83

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
expat-2.2.5-4.el8_4.4.src.rpm SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
ppc64le
expat-2.2.5-4.el8_4.4.ppc64le.rpm SHA-256: 9d0e2af981600e995075a346434b52488b035a6b025e3525cc23a5f25a7e7be6
expat-debuginfo-2.2.5-4.el8_4.4.ppc64le.rpm SHA-256: f5bd02d3520d21295e6c645d0f8147522fd49408c0f1ec690be28f50f9d2187b
expat-debugsource-2.2.5-4.el8_4.4.ppc64le.rpm SHA-256: 37733f7a0e51e13843f7e8f92ceb3e971855b5046e6afe96b6c9117b15d4ce20
expat-devel-2.2.5-4.el8_4.4.ppc64le.rpm SHA-256: 4fa846955f3bfa762e052de05d848f131b2ab3ae73fa8ab9d25487793929d499

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
expat-2.2.5-4.el8_4.4.src.rpm SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
x86_64
expat-2.2.5-4.el8_4.4.i686.rpm SHA-256: d6d74506b1f563495d645e6b405260473cfad5ac41127a2cf454e0275f0dc194
expat-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 34a6f33da5d563e25079872da5b0da48fea1dae147c9f7973fe563c0634d5b71
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm SHA-256: 2435b95cdd7c63816947582ee567e020312f735d1b70cdedea8ad6dfc20cfe51
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 37fd6910c48a78a4d93a0d3c10652678500a35299f3594e42b57b9d56bc53e53
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm SHA-256: 2b28f8cc8aaa2de8e099c5d78b27f18972236caf2d86c120dc60007b3a77fb74
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: dab33e8453951c2838ac99a9c8e043fb08a6462084eddccc9289e814f72441e3
expat-devel-2.2.5-4.el8_4.4.i686.rpm SHA-256: 3f3fcc071e5502028e7264589ba1dcda9a287f30c59ff38a288a924d761b4bee
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 4c99b04fe990d609617cfbd58edf929648ce2fcb594f4247a22d8e5322f4aef7

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
expat-2.2.5-4.el8_4.4.src.rpm SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
aarch64
expat-2.2.5-4.el8_4.4.aarch64.rpm SHA-256: b022366c2f943115438e39db3f1f74a9b5c67dfae5ba3431c99d97ca0358fc0c
expat-debuginfo-2.2.5-4.el8_4.4.aarch64.rpm SHA-256: 74a095a65928a930e69ec4bc995255f98df8bb7bbb97d274aa6c896662cd8df7
expat-debugsource-2.2.5-4.el8_4.4.aarch64.rpm SHA-256: a4597e9b2502705e7e4b21e0395508b8a52b9f03caf4b6cb9a1638b4b08d9fe9
expat-devel-2.2.5-4.el8_4.4.aarch64.rpm SHA-256: 38f59a8b15ade35ff136514af162a6c36861bcee2acf0fd331633bffc6fd5786

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
expat-2.2.5-4.el8_4.4.src.rpm SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
ppc64le
expat-2.2.5-4.el8_4.4.ppc64le.rpm SHA-256: 9d0e2af981600e995075a346434b52488b035a6b025e3525cc23a5f25a7e7be6
expat-debuginfo-2.2.5-4.el8_4.4.ppc64le.rpm SHA-256: f5bd02d3520d21295e6c645d0f8147522fd49408c0f1ec690be28f50f9d2187b
expat-debugsource-2.2.5-4.el8_4.4.ppc64le.rpm SHA-256: 37733f7a0e51e13843f7e8f92ceb3e971855b5046e6afe96b6c9117b15d4ce20
expat-devel-2.2.5-4.el8_4.4.ppc64le.rpm SHA-256: 4fa846955f3bfa762e052de05d848f131b2ab3ae73fa8ab9d25487793929d499

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
expat-2.2.5-4.el8_4.4.src.rpm SHA-256: b20401d19feeb36a316570c621aeda84fa209f2b9294fae8f4230e88afe6473a
x86_64
expat-2.2.5-4.el8_4.4.i686.rpm SHA-256: d6d74506b1f563495d645e6b405260473cfad5ac41127a2cf454e0275f0dc194
expat-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 34a6f33da5d563e25079872da5b0da48fea1dae147c9f7973fe563c0634d5b71
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm SHA-256: 2435b95cdd7c63816947582ee567e020312f735d1b70cdedea8ad6dfc20cfe51
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 37fd6910c48a78a4d93a0d3c10652678500a35299f3594e42b57b9d56bc53e53
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm SHA-256: 2b28f8cc8aaa2de8e099c5d78b27f18972236caf2d86c120dc60007b3a77fb74
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: dab33e8453951c2838ac99a9c8e043fb08a6462084eddccc9289e814f72441e3
expat-devel-2.2.5-4.el8_4.4.i686.rpm SHA-256: 3f3fcc071e5502028e7264589ba1dcda9a287f30c59ff38a288a924d761b4bee
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm SHA-256: 4c99b04fe990d609617cfbd58edf929648ce2fcb594f4247a22d8e5322f4aef7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter