USN-7000-1: Expat vulnerabilities
12 September 2024
Several security issues were fixed in Expat.
Releases
Packages
- expat - XML parsing C library
Details
Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat did not properly handle the
potential for an integer overflow on 32-bit platforms. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45491, CVE-2024-45492)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
Ubuntu 20.04
Ubuntu 18.04
-
expat
-
2.2.5-3ubuntu0.9+esm1
Available with Ubuntu Pro
-
libexpat1
-
2.2.5-3ubuntu0.9+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
expat
-
2.1.0-7ubuntu0.16.04.5+esm9
Available with Ubuntu Pro
-
lib64expat1
-
2.1.0-7ubuntu0.16.04.5+esm9
Available with Ubuntu Pro
-
libexpat1
-
2.1.0-7ubuntu0.16.04.5+esm9
Available with Ubuntu Pro
Ubuntu 14.04
-
expat
-
2.1.0-4ubuntu1.4+esm9
Available with Ubuntu Pro
-
lib64expat1
-
2.1.0-4ubuntu1.4+esm9
Available with Ubuntu Pro
-
libexpat1
-
2.1.0-4ubuntu1.4+esm9
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-7000-2: libexpat1, expat, libexpat1-dev
- USN-7001-1: libxmltok1-dev, libxmltok1, libxmltok
- USN-7001-2: libxmltok1t64, libxmltok1-dev, libxmltok