CVE-2022-23990: expat: integer overflow in the doProlog function

Bug #1975755 reported by Joe Slater
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Joe Slater
Milestone:

Bug Description

CVE-2022-23990: https://nvd.nist.gov/vuln/detail/CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Score:

cve_id          status  cvss2Score  av  ac  au  ai
CVE-2022-23990  fixed   7.5         N   L   N   C

Note:

No fix is available on CentOS 7, so we need to convert expat to a source RPM and fix it by applying a source patch.

Severity: Critical CVE

CVE References

Changed in starlingx:
assignee: nobody → Joe Slater (jslater0wind)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to integ (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/integ/+/844891

Changed in starlingx:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to compile (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/compile/+/845644

Ghada Khalil (gkhalil)
information type: Public → Public Security
tags: added: stx.security
OpenStack Infra (hudson-openstack) wrote : Change abandoned on integ (master)

Change abandoned by "Joe Slater <email address hidden>" on branch: master
Review: https://review.opendev.org/c/starlingx/integ/+/844891
Reason: superseded

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tools (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/847409

OpenStack Infra (hudson-openstack) wrote : Fix merged to compile (master)

Reviewed: https://review.opendev.org/c/starlingx/compile/+/845644
Committed: https://opendev.org/starlingx/compile/commit/e3a2ee794cd814ee5b3e764080f4c2f9d3646b68
Submitter: "Zuul (22348)"
Branch: master

commit e3a2ee794cd814ee5b3e764080f4c2f9d3646b68
Author: Joe Slater <email address hidden>
Date: Mon Jun 13 18:09:27 2022 -0400

    expat: fix CVE-2022-23990

    centos7 updates are sporadic and this has not
    been addressed, so we change to building from
    source and patching in the fix.

    *** Testing
    We want to sanity check xmlwf, an xml format checker.

    Build and boot iso, log in, then

     $ xmlwf -c -d . /tmp/firewalld/zones/public.xml
     $ cat public.xml

    which should be a copy of the original.
    ***

    Closes-Bug: 1975755
    Change-Id: I3a276e0340895a3e9d38ba8dd7741d55d8f94b81
    Signed-off-by: Joe Slater <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/847409
Committed: https://opendev.org/starlingx/tools/commit/820ce795b8a1f860414e0d6428df24f4387a5dc4
Submitter: "Zuul (22348)"
Branch: master

commit 820ce795b8a1f860414e0d6428df24f4387a5dc4
Author: Joe Slater <email address hidden>
Date: Thu Jun 23 16:51:04 2022 -0400

    expat: fix CVE-2022-23990

    Following merge of 845644, we no longer need expat-devel
    since it will be built from source.

    Partial-Bug: 1975755
    Change-Id: Ia3fc7c4d45fe400acb759018803b7fc5b44d53b0
    Signed-off-by: Joe Slater <email address hidden>

Ghada Khalil (gkhalil)
summary: - CVE-2022-23990 expat
+ CVE-2022-23990: expat: libexpat before 2.4.4 has an integer overflow in
+ the doProlog function
summary: - CVE-2022-23990: expat: libexpat before 2.4.4 has an integer overflow in
- the doProlog function
+ CVE-2022-23990: expat: integer overflow in the doProlog function
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Medium
Ghada Khalil (gkhalil)
tags: added: stx.7.0
description: updated