Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2022:6834 - Security Advisory
Issued:
2022-10-06
Updated:
2022-10-06

RHSA-2022:6834 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: expat security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for expat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Expat is a C library for parsing XML documents.

Security Fix(es):

  • expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

CVEs

  • CVE-2022-40674

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
expat-2.1.0-15.el7_9.src.rpm SHA-256: e0612fbe71b8e0d7fde6eb2f0533d8784f1096113a7439ae8b9e82f622499378
x86_64
expat-2.1.0-15.el7_9.i686.rpm SHA-256: 510a7e70777acc2388bbe2502d39666318f20a73d914ef241176b000e561b871
expat-2.1.0-15.el7_9.x86_64.rpm SHA-256: 069916d3b0fc03ab1d0824adb12382fb982440539f8a41729d1f4b75343c5187
expat-debuginfo-2.1.0-15.el7_9.i686.rpm SHA-256: d2479ed61fbf9d961e0152c64e091fe79c436f666e2718a69b6955e47b15519f
expat-debuginfo-2.1.0-15.el7_9.i686.rpm SHA-256: d2479ed61fbf9d961e0152c64e091fe79c436f666e2718a69b6955e47b15519f
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm SHA-256: 7e8526fa22b3c7e9e695a92af5af915ec724a3a1ab96ecca84eeac4e05aa0da6
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm SHA-256: 7e8526fa22b3c7e9e695a92af5af915ec724a3a1ab96ecca84eeac4e05aa0da6
expat-devel-2.1.0-15.el7_9.i686.rpm SHA-256: dcfb408299a9702aeee520d63d7250016bfd05df2aabc210eb92582a7313c522
expat-devel-2.1.0-15.el7_9.x86_64.rpm SHA-256: b8b2c977a12337b0d924bb315a7eddfdbb25a0fa22b6a68cd895d0e5c91c5fca
expat-static-2.1.0-15.el7_9.i686.rpm SHA-256: c1ef7f056cbabfe9f6a79e8acfe814e3caa5a36d40132dbfaf30f2b8bbae289b
expat-static-2.1.0-15.el7_9.x86_64.rpm SHA-256: e1db7d5d1f461d6842990a1c58671598640ab6564a205fbe5e408ee923c58c3c

Red Hat Enterprise Linux Workstation 7

SRPM
expat-2.1.0-15.el7_9.src.rpm SHA-256: e0612fbe71b8e0d7fde6eb2f0533d8784f1096113a7439ae8b9e82f622499378
x86_64
expat-2.1.0-15.el7_9.i686.rpm SHA-256: 510a7e70777acc2388bbe2502d39666318f20a73d914ef241176b000e561b871
expat-2.1.0-15.el7_9.x86_64.rpm SHA-256: 069916d3b0fc03ab1d0824adb12382fb982440539f8a41729d1f4b75343c5187
expat-debuginfo-2.1.0-15.el7_9.i686.rpm SHA-256: d2479ed61fbf9d961e0152c64e091fe79c436f666e2718a69b6955e47b15519f
expat-debuginfo-2.1.0-15.el7_9.i686.rpm SHA-256: d2479ed61fbf9d961e0152c64e091fe79c436f666e2718a69b6955e47b15519f
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm SHA-256: 7e8526fa22b3c7e9e695a92af5af915ec724a3a1ab96ecca84eeac4e05aa0da6
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm SHA-256: 7e8526fa22b3c7e9e695a92af5af915ec724a3a1ab96ecca84eeac4e05aa0da6
expat-devel-2.1.0-15.el7_9.i686.rpm SHA-256: dcfb408299a9702aeee520d63d7250016bfd05df2aabc210eb92582a7313c522
expat-devel-2.1.0-15.el7_9.x86_64.rpm SHA-256: b8b2c977a12337b0d924bb315a7eddfdbb25a0fa22b6a68cd895d0e5c91c5fca
expat-static-2.1.0-15.el7_9.i686.rpm SHA-256: c1ef7f056cbabfe9f6a79e8acfe814e3caa5a36d40132dbfaf30f2b8bbae289b
expat-static-2.1.0-15.el7_9.x86_64.rpm SHA-256: e1db7d5d1f461d6842990a1c58671598640ab6564a205fbe5e408ee923c58c3c

Red Hat Enterprise Linux Desktop 7

SRPM
expat-2.1.0-15.el7_9.src.rpm SHA-256: e0612fbe71b8e0d7fde6eb2f0533d8784f1096113a7439ae8b9e82f622499378
x86_64
expat-2.1.0-15.el7_9.i686.rpm SHA-256: 510a7e70777acc2388bbe2502d39666318f20a73d914ef241176b000e561b871
expat-2.1.0-15.el7_9.x86_64.rpm SHA-256: 069916d3b0fc03ab1d0824adb12382fb982440539f8a41729d1f4b75343c5187
expat-debuginfo-2.1.0-15.el7_9.i686.rpm SHA-256: d2479ed61fbf9d961e0152c64e091fe79c436f666e2718a69b6955e47b15519f
expat-debuginfo-2.1.0-15.el7_9.i686.rpm SHA-256: d2479ed61fbf9d961e0152c64e091fe79c436f666e2718a69b6955e47b15519f
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm SHA-256: 7e8526fa22b3c7e9e695a92af5af915ec724a3a1ab96ecca84eeac4e05aa0da6
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm SHA-256: 7e8526fa22b3c7e9e695a92af5af915ec724a3a1ab96ecca84eeac4e05aa0da6
expat-devel-2.1.0-15.el7_9.i686.rpm SHA-256: dcfb408299a9702aeee520d63d7250016bfd05df2aabc210eb92582a7313c522
expat-devel-2.1.0-15.el7_9.x86_64.rpm SHA-256: b8b2c977a12337b0d924bb315a7eddfdbb25a0fa22b6a68cd895d0e5c91c5fca
expat-static-2.1.0-15.el7_9.i686.rpm SHA-256: c1ef7f056cbabfe9f6a79e8acfe814e3caa5a36d40132dbfaf30f2b8bbae289b
expat-static-2.1.0-15.el7_9.x86_64.rpm SHA-256: e1db7d5d1f461d6842990a1c58671598640ab6564a205fbe5e408ee923c58c3c

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
expat-2.1.0-15.el7_9.src.rpm SHA-256: e0612fbe71b8e0d7fde6eb2f0533d8784f1096113a7439ae8b9e82f622499378
s390x
expat-2.1.0-15.el7_9.s390.rpm SHA-256: edb539871384d6a95106a914acf08ea6fa74e612cefcf36c4d39c0878ed72740
expat-2.1.0-15.el7_9.s390x.rpm SHA-256: 8f6e30501197149268dc4f2641507ecb9a0f3f459933a81e925bec047f30ada7
expat-debuginfo-2.1.0-15.el7_9.s390.rpm SHA-256: 981d1d7cfda67bdb5ecad9c3eafd712c685b59796613a95283d543c5aef3cdb2
expat-debuginfo-2.1.0-15.el7_9.s390.rpm SHA-256: 981d1d7cfda67bdb5ecad9c3eafd712c685b59796613a95283d543c5aef3cdb2
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm SHA-256: 5bd1352cc5ec10df3280f0ba303aa3a0f7982d6b57eb10e29fab5a850f6acc2c
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm SHA-256: 5bd1352cc5ec10df3280f0ba303aa3a0f7982d6b57eb10e29fab5a850f6acc2c
expat-devel-2.1.0-15.el7_9.s390.rpm SHA-256: 371ff18d11630b8726c2dd89728bea1d8b922eb61f8da77ed7ebf748aaf14ecd
expat-devel-2.1.0-15.el7_9.s390x.rpm SHA-256: 9f2a749d0d3f12028660d7468cf81b5f5dc4b1c46b3042f3039d63eb3b66205e
expat-static-2.1.0-15.el7_9.s390.rpm SHA-256: 875c54c732c2f978a348b37b90a8cf2546b748d60d418ffdbe01e4e156931828
expat-static-2.1.0-15.el7_9.s390x.rpm SHA-256: 54ac7844587ee28c5a752cf0f9588ff2a9774cf5615f5a1195eda38f0380704e

Red Hat Enterprise Linux for Power, big endian 7

SRPM
expat-2.1.0-15.el7_9.src.rpm SHA-256: e0612fbe71b8e0d7fde6eb2f0533d8784f1096113a7439ae8b9e82f622499378
ppc64
expat-2.1.0-15.el7_9.ppc.rpm SHA-256: ce7fdd37965fd6fe03678520389f35a57941192a41479941d07be584a4a6386c
expat-2.1.0-15.el7_9.ppc64.rpm SHA-256: 88dcb731e5511cc14705df086f8f7fb925d4c3bdfde70e728fa3478558ebc71c
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm SHA-256: 604473bdddc6cfb7b7b77690da752508bae61b2af500a8fdc9e30bca59ecde19
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm SHA-256: 604473bdddc6cfb7b7b77690da752508bae61b2af500a8fdc9e30bca59ecde19
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm SHA-256: 4d5dfbd696ec97068265255154d3136bfe775a0d66f600b5070dbfb4bff7e724
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm SHA-256: 4d5dfbd696ec97068265255154d3136bfe775a0d66f600b5070dbfb4bff7e724
expat-devel-2.1.0-15.el7_9.ppc.rpm SHA-256: 76da8ea24165cdbba79bd4eee8c751d2623219873a7284f33aa9c2a18564529f
expat-devel-2.1.0-15.el7_9.ppc64.rpm SHA-256: 1b1cd63b6ece50efdf58a32313b79dd7ed42799d27e29b7ab35a9715eeb42080
expat-static-2.1.0-15.el7_9.ppc.rpm SHA-256: d2aab6e4810c3bf7dbb2590901f65b927569770509125ae5e045b170b8a6135d
expat-static-2.1.0-15.el7_9.ppc64.rpm SHA-256: 189c36267ec423fc004f7601b3e3cbf41f6809be6f75b2779f592d34237f8093

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
expat-2.1.0-15.el7_9.src.rpm SHA-256: e0612fbe71b8e0d7fde6eb2f0533d8784f1096113a7439ae8b9e82f622499378
x86_64
expat-2.1.0-15.el7_9.i686.rpm SHA-256: 510a7e70777acc2388bbe2502d39666318f20a73d914ef241176b000e561b871
expat-2.1.0-15.el7_9.x86_64.rpm SHA-256: 069916d3b0fc03ab1d0824adb12382fb982440539f8a41729d1f4b75343c5187
expat-debuginfo-2.1.0-15.el7_9.i686.rpm SHA-256: d2479ed61fbf9d961e0152c64e091fe79c436f666e2718a69b6955e47b15519f
expat-debuginfo-2.1.0-15.el7_9.i686.rpm SHA-256: d2479ed61fbf9d961e0152c64e091fe79c436f666e2718a69b6955e47b15519f
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm SHA-256: 7e8526fa22b3c7e9e695a92af5af915ec724a3a1ab96ecca84eeac4e05aa0da6
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm SHA-256: 7e8526fa22b3c7e9e695a92af5af915ec724a3a1ab96ecca84eeac4e05aa0da6
expat-devel-2.1.0-15.el7_9.i686.rpm SHA-256: dcfb408299a9702aeee520d63d7250016bfd05df2aabc210eb92582a7313c522
expat-devel-2.1.0-15.el7_9.x86_64.rpm SHA-256: b8b2c977a12337b0d924bb315a7eddfdbb25a0fa22b6a68cd895d0e5c91c5fca
expat-static-2.1.0-15.el7_9.i686.rpm SHA-256: c1ef7f056cbabfe9f6a79e8acfe814e3caa5a36d40132dbfaf30f2b8bbae289b
expat-static-2.1.0-15.el7_9.x86_64.rpm SHA-256: e1db7d5d1f461d6842990a1c58671598640ab6564a205fbe5e408ee923c58c3c

Red Hat Enterprise Linux for Power, little endian 7

SRPM
expat-2.1.0-15.el7_9.src.rpm SHA-256: e0612fbe71b8e0d7fde6eb2f0533d8784f1096113a7439ae8b9e82f622499378
ppc64le
expat-2.1.0-15.el7_9.ppc64le.rpm SHA-256: 5741436a443e8a121f7e1d9b6b5b9cde997f695703347ecf4bd465d22c3eb6d3
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm SHA-256: 728cabebc99d4e040939ddea7387cbb6ae328956c9457e01ef1d67a81f6c398a
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm SHA-256: 728cabebc99d4e040939ddea7387cbb6ae328956c9457e01ef1d67a81f6c398a
expat-devel-2.1.0-15.el7_9.ppc64le.rpm SHA-256: e2601782be773671441030f762c91968b953a40fb9504008a816bd53f5819274
expat-static-2.1.0-15.el7_9.ppc64le.rpm SHA-256: df0310dabb3f7115535d63b36263b16de0e4a12881a42a02fe4604ac74036c7b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter