RHSA-2022:1644: Important: xmlrpc-c security update
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.Security Fix(es): expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:1644?
The severity of RHSA-2022:1644 is classified as important.
How do I fix RHSA-2022:1644?
To resolve RHSA-2022:1644, you should update the xmlrpc-c packages to version 1.51.0-5.el8_4.1 or later.
What software packages are affected by RHSA-2022:1644?
The affected packages for RHSA-2022:1644 include xmlrpc-c, xmlrpc-c-client, xmlrpc-c-devel, and their respective debug and debuginfo packages.
What platforms are affected by RHSA-2022:1644?
RHSA-2022:1644 affects multiple platforms, including x86_64 and ppc64le.
Is a reboot required after applying the fix for RHSA-2022:1644?
A reboot is not typically required after applying the fix for RHSA-2022:1644.