Bugzilla – Bug 1196025
VUL-0: CVE-2022-25236: expat: xmlparse.c in Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
Last modified: 2024-04-30 16:30:02 UTC
CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
https://github.com/libexpat/libexpat/pull/561
Affected:
- SUSE:SLE-11:Update
- SUSE:SLE-15:Update
- SUSE:SLE-11:Update
- SUSE:SLE-15-SP4:Update
- openSUSE:Factory
(In reply to Carlos López from comment #1)
> Affected:
> - SUSE:SLE-11:Update
> - SUSE:SLE-15:Update
> - SUSE:SLE-11:Update
> - SUSE:SLE-15-SP4:Update
> - openSUSE:Factory

Wrong copy-paste:
- SUSE:SLE-11:Update
- SUSE:SLE-12:Update
- SUSE:SLE-15:Update
- SUSE:SLE-15-SP4:Update
- openSUSE:Factory
This is an autogenerated message for OBS integration: This bug (1196025) was mentioned in https://build.opensuse.org/request/show/956337 Factory / expat
SUSE-SU-2022:0698-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1196025,1196026,1196168,1196169,1196171 CVE References: CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): expat-2.1.0-21.18.1 SUSE OpenStack Cloud Crowbar 8 (src): expat-2.1.0-21.18.1 SUSE OpenStack Cloud 9 (src): expat-2.1.0-21.18.1 SUSE OpenStack Cloud 8 (src): expat-2.1.0-21.18.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): expat-2.1.0-21.18.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): expat-2.1.0-21.18.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): expat-2.1.0-21.18.1 SUSE Linux Enterprise Server 12-SP5 (src): expat-2.1.0-21.18.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): expat-2.1.0-21.18.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): expat-2.1.0-21.18.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): expat-2.1.0-21.18.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): expat-2.1.0-21.18.1 HPE Helion Openstack 8 (src): expat-2.1.0-21.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0713-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1196025,1196026,1196168,1196169,1196171 CVE References: CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 JIRA References: Sources used: SUSE Manager Server 4.1 (src): expat-2.2.5-3.15.1 SUSE Manager Retail Branch Server 4.1 (src): expat-2.2.5-3.15.1 SUSE Manager Proxy 4.1 (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Server for SAP 15 (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Server 15-LTSS (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Micro 5.1 (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise Micro 5.0 (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): expat-2.2.5-3.15.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): expat-2.2.5-3.15.1 SUSE Enterprise Storage 7 (src): expat-2.2.5-3.15.1 SUSE Enterprise Storage 6 (src): expat-2.2.5-3.15.1 SUSE CaaS Platform 4.0 (src): expat-2.2.5-3.15.1 NOTE: This line indicates an update has been released for the listed 
product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:14903-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1196025,1196026,1196168,1196169,1196171 CVE References: CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): expat-2.0.1-88.42.18.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): expat-2.0.1-88.42.18.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): expat-2.0.1-88.42.18.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): expat-2.0.1-88.42.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0713-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1196025,1196026,1196168,1196169,1196171 CVE References: CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 JIRA References: Sources used: openSUSE Leap 15.3 (src): expat-2.2.5-3.15.1
Related to Bug 1196784
SUSE-SU-2022:0842-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1196025,1196784 CVE References: CVE-2022-25236 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): expat-2.1.0-21.22.1 SUSE OpenStack Cloud Crowbar 8 (src): expat-2.1.0-21.22.1 SUSE OpenStack Cloud 9 (src): expat-2.1.0-21.22.1 SUSE OpenStack Cloud 8 (src): expat-2.1.0-21.22.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): expat-2.1.0-21.22.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): expat-2.1.0-21.22.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): expat-2.1.0-21.22.1 SUSE Linux Enterprise Server 12-SP5 (src): expat-2.1.0-21.22.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): expat-2.1.0-21.22.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): expat-2.1.0-21.22.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): expat-2.1.0-21.22.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): expat-2.1.0-21.22.1 HPE Helion Openstack 8 (src): expat-2.1.0-21.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0844-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1196025,1196784 CVE References: CVE-2022-25236 JIRA References: Sources used: openSUSE Leap 15.3 (src): expat-2.2.5-3.19.1
SUSE-SU-2022:0844-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1196025,1196784 CVE References: CVE-2022-25236 JIRA References: Sources used: SUSE Manager Server 4.1 (src): expat-2.2.5-3.19.1 SUSE Manager Retail Branch Server 4.1 (src): expat-2.2.5-3.19.1 SUSE Manager Proxy 4.1 (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Server for SAP 15 (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Server 15-LTSS (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Micro 5.1 (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise Micro 5.0 (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): expat-2.2.5-3.19.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): expat-2.2.5-3.19.1 SUSE Enterprise Storage 7 (src): expat-2.2.5-3.19.1 SUSE Enterprise Storage 6 (src): expat-2.2.5-3.19.1 SUSE CaaS Platform 4.0 (src): expat-2.2.5-3.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. 
If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:14934-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1196025,1196784 CVE References: CVE-2022-25236 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): expat-2.0.1-88.42.22.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): expat-2.0.1-88.42.22.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): expat-2.0.1-88.42.22.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): expat-2.0.1-88.42.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0844-2: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1196025,1196784 CVE References: CVE-2022-25236 JIRA References: Sources used: SUSE Linux Enterprise Micro 5.2 (src): expat-2.2.5-3.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.
SUSE-SU-2022:2294-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1196025,1196026,1196168,1196169,1196171,1196784 CVE References: CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 JIRA References: Sources used: openSUSE Leap 15.4 (src): expat-2.4.4-150400.3.6.9 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): expat-2.4.4-150400.3.6.9 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0782-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1196025, 1210638, 1219666 CVE References: CVE-2022-25236, CVE-2023-27043, CVE-2023-6597 Sources used: openSUSE Leap 15.4 (src): python311-core-3.11.8-150400.9.23.1, python311-3.11.8-150400.9.23.1, python311-documentation-3.11.8-150400.9.23.1 openSUSE Leap 15.5 (src): python311-core-3.11.8-150400.9.23.1, python311-3.11.8-150400.9.23.1, python311-documentation-3.11.8-150400.9.23.1 Python 3 Module 15-SP5 (src): python311-core-3.11.8-150400.9.23.1, python311-3.11.8-150400.9.23.1, python311-documentation-3.11.8-150400.9.23.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): python311-core-3.11.8-150400.9.23.1, python311-3.11.8-150400.9.23.1, python311-documentation-3.11.8-150400.9.23.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): python311-core-3.11.8-150400.9.23.1, python311-3.11.8-150400.9.23.1, python311-documentation-3.11.8-150400.9.23.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): python311-core-3.11.8-150400.9.23.1, python311-3.11.8-150400.9.23.1, python311-documentation-3.11.8-150400.9.23.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): python311-core-3.11.8-150400.9.23.1, python311-3.11.8-150400.9.23.1, python311-documentation-3.11.8-150400.9.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): python311-core-3.11.8-150400.9.23.1, python311-3.11.8-150400.9.23.1, python311-documentation-3.11.8-150400.9.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0784-1: An update that solves four vulnerabilities, contains two features and has two security fixes can now be installed. Category: security (important) Bug References: 1196025, 1210638, 1212015, 1214692, 1215454, 1219666 CVE References: CVE-2022-25236, CVE-2023-27043, CVE-2023-40217, CVE-2023-6597 Jira References: PED-7886, SLE-21253 Sources used: openSUSE Leap 15.3 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1, python39-documentation-3.9.18-150300.4.38.1 openSUSE Leap 15.5 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1, python39-documentation-3.9.18-150300.4.38.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1 SUSE Enterprise Storage 7.1 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0782-2: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1196025, 1210638, 1219666 CVE References: CVE-2022-25236, CVE-2023-27043, CVE-2023-6597 Maintenance Incident: [SUSE:Maintenance:32834](https://smelt.suse.de/incident/32834/) Sources used: Public Cloud Module 15-SP4 (src): python311-3.11.8-150400.9.23.1, python311-core-3.11.8-150400.9.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.