USN-7001-2: xmltok library vulnerabilities

17 September 2024

Several security issues were fixed in libxmltok.

Releases
Ubuntu 24.04 LTS

Packages
libxmltok - XML Parser Toolkit, developer libraries

Details
USN-7001-1 fixed vulnerabilities in the xmltok library. This update
provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle certain function calls when a negative input
length was provided. An attacker could use this issue to cause a denial of
service or possibly execute arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle the potential for an integer overflow on 32-bit
platforms. An attacker could use this issue to cause a denial of service
or possibly execute arbitrary code. (CVE-2024-45491)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04
libxmltok1t64 - 1.2-4.1ubuntu2.24.0.4.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
