-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update Advisory ID: RHSA-2022:8841-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:8841 Issue date: 2022-12-08 CVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-30522 CVE-2022-31813 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-42915 CVE-2022-42916 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303) * libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304) * expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) * zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434) * curl: HSTS bypass via IDN (CVE-2022-42916) * curl: HTTP proxy double-free (CVE-2022-42915) * curl: POST following PUT confusion (CVE-2022-32221) * httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813) * httpd: mod_sed: DoS vulnerability (CVE-2022-30522) * httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615) * httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377) * curl: control code in cookie denial of service (CVE-2022-35252) * zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434) * jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330) * curl: Unpreserved file permissions (CVE-2022-32207) * curl: various flaws (CVE-2022-32206 CVE-2022-32208) * openssl: the c_rehash script allows command injection (CVE-2022-2068) * openssl: c_rehash script allows command injection (CVE-2022-1292) * jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721) * jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN 2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles 5. References: https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28330 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32207 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-32221 https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-42915 https://access.redhat.com/security/cve/CVE-2022-42916 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5ISDNzjgjWX9erEAQgEARAAk3AoWC6HmNSunF0rR5yoCDY15obEy2RP yXhkBs62D3xZC8r1ZrA8cVUBQZy0NMmSJx6bQzWNA5gxli8rTvgoppeovTNSCLdu 5wAIhzmWFn8BSZeGH7Rmn/NIQ7aKgO2y461cCg1Nm7/Kl+JYeqUoWyx3tcTw5yPD edmdSxIW9EDKdOWlXd5dx8/zXeT6LeP5x/PTepI8dXQgSDm0fYnMPIrT8Ke+BNQ+ lgl7g7KH9HE8MbCmMROTTOMTpaZxE7B8ISlXcxmjhOiSmZ1uhp6AnDg/flccrI4J l5XF0YXej35npDxLPfFd7uGDGREB9vL2itlkwa4mtqVH6GlYbvPttF5AaiVTHJ5m IE3fJ6B6+HFRntBbrnydTohAxPDM+ne8lGLzqDEiOpZa3DW7+JT4g02uOuKoI+VX dz/498ASzNF1pfAKgUhl+E2I1odTM1zP+rdV+kbZ9EVJ+LgszdPFq9bWWuIpg7hY b0ZD8Wm3nUFMQwSv5DlwdSqcfrK6+08wO9yAAbzZGKVVtRKgAJUQFdjtvuP77+Wr vPOr3tOT0O5NCo7alVOhucn7KOKmPSQkMZ3rtJjdoCs/WLKJAY3jz5/HZEc59o2e 4uhDqFmRdfeXcS3b2MMliv6GYIjAOzfDmRKL9H01wGClNbguHYyFlEiozOKMfz4F RE3AhHs6QXA=9z8i -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce