RHSA-2022:1540: Important: xmlrpc-c security update
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.<br>Security Fix(es):<br><li> expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:1540?
The severity of RHSA-2022:1540 is classified as important.
How do I fix RHSA-2022:1540?
To fix RHSA-2022:1540, update the xmlrpc-c package to version 1.51.0-5.el8_2.1 or later.
Which software packages are affected by RHSA-2022:1540?
The affected packages for RHSA-2022:1540 include xmlrpc-c, xmlrpc-c-client, xmlrpc-c-apps-debuginfo, and others.
What is the release date of the RHSA-2022:1540 advisory?
The release date of the RHSA-2022:1540 advisory is not specified in the provided information.
Is RHSA-2022:1540 relevant for my system?
RHSA-2022:1540 is relevant for systems using the xmlrpc-c package version prior to 1.51.0-5.el8_2.1.