USN-7000-1: Expat vulnerabilities
12 September 2024
Several security issues were fixed in Expat.
Releases
Ubuntu 24.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM
Packages
expat - XML parsing C library
Details
Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat did not properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2024-45491, CVE-2024-45492)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
expat - 2.6.1-2ubuntu0.1
libexpat1 - 2.6.1-2ubuntu0.1