Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
🔗 CVE IDs covered (21)
📋 Description
CVE-2018-25032 — zlib: A flaw found in zlib when compressing (not decompressing) certain inputs CVE-2021-33193 — httpd: Request splitting via HTTP/2 method injection and mod_proxy CVE-2021-36160 — httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path CVE-2021-39275 — httpd: Out-of-bounds write in ap_escape_quotes() via malicious input CVE-2021-41524 — httpd: NULL pointer dereference via crafted request during HTTP/2 request processing CVE-2021-44224 — httpd: possible NULL dereference or SSRF in forward proxy configurations CVE-2021-45960 — expat: Large number of prefixed XML attributes on a single tag can crash libexpat CVE-2021-46143 — expat: Integer overflow in doProlog in xmlparse.c CVE-2022-22822 — expat: Integer overflow in addBinding in xmlparse.c CVE-2022-22823 — expat: Integer overflow in build_model in xmlparse.c CVE-2022-22824 — expat: Integer overflow in defineAttribute in xmlparse.c CVE-2022-22825 — expat: Integer overflow in lookup in xmlparse.c CVE-2022-22826 — expat: Integer overflow in nextScaffoldPart in xmlparse.c CVE-2022-22827 — expat: Integer overflow in storeAtts in xmlparse.c CVE-2022-23852 — expat: Integer overflow in function XML_GetBuffer CVE-2022-23990 — expat: integer overflow in the doProlog function CVE-2022-25235 — expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25236 — expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution CVE-2022-25313 — expat: Stack exhaustion in doctype parsing CVE-2022-25314 — expat: Integer overflow in copyString() CVE-2022-25315 — expat: Integer overflow in storeRawNames()
🔗 References (24)
- selfhttps://access.redhat.com/errata/RHSA-2022:7144
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1966728
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2005119
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2005124
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2010934
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2034672
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044451
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044455
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044457
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044464
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044467
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044479
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044484
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044488
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044613
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2048356
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056350
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056354
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056363
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056366
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056370
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2067945
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7144.json