ALSA-2022:1643

[ALSA-2022:1643] Important: xmlrpc-c security update

Type:

security

Severity:

important

Release date:

2022-04-29

Description:

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.

Security Fix(es):

* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

CVE-2022-25235

Updated packages listed below:

Architecture	Package	Checksum
i686	xmlrpc-c-c++-1.51.0-5.el8_5.1.i686.rpm	771b35f3c0194478e2cb8176890dfb23f55bffb4d5a4add27beff07ddf46cf4b
i686	xmlrpc-c-client++-1.51.0-5.el8_5.1.i686.rpm	c48d69b28f5ea196d0aedfae9d5cb02c641b7960b1a2b9f7d957ceb8f74238d8
i686	xmlrpc-c-devel-1.51.0-5.el8_5.1.i686.rpm	e41ca6a03c41dc6549c35ee7bd038dcc7153e165b9332eefcd7430139788f463
x86_64	xmlrpc-c-client++-1.51.0-5.el8_5.1.x86_64.rpm	23f3f77218dc0f497a0c1d063945df33a92afe439da3ed0360d054a4e51907ab
x86_64	xmlrpc-c-c++-1.51.0-5.el8_5.1.x86_64.rpm	5bc104ebc483138a79dcbb9fc3303e27032567defe5cf12cb08292ffc218ce8e
x86_64	xmlrpc-c-devel-1.51.0-5.el8_5.1.x86_64.rpm	8795b8102dbcfec9b4c8728093146d0f3bef5329bcb415cf8fcc5600ac497431

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.