Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Ubuntu 12.04 ESM USN-3841-2 Critical lxml Cross-Site Scripting

Calendar Dec 10, 2018 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory update critical cross-site scripting Ubuntu lxml Python package
lxml could allow cross-site scripting (XSS) attacks. 
=========================================================================Ubuntu Security Notice USN-3841-2
December 10, 2018

lxml vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

lxml could allow cross-site scripting (XSS) attacks.

Software Description:
- lxml: pythonic binding for the libxml2 and libxslt libraries

Details:

USN-3841-1 fixed a vulnerability in lxml. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that lxml incorrectly handled certain HTML files.
 An attacker could possibly use this issue to conduct cross-site
 scripting (XSS) attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  python-lxml                     2.3.2-1ubuntu0.3
  python3-lxml                    2.3.2-1ubuntu0.3

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-3841-2
  https://ubuntu.com/security/notices/USN-3841-1
  CVE-2018-19787

Ubuntu 12.04 ESM USN-3841-2 Critical lxml Cross-Site Scripting

ubuntu
Calendar Grey December 10, 2018
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
lxml could allow cross-site scripting (XSS) attacks.

Summary

Topics%20covered

Topics Covered

security advisory update critical cross-site scripting Ubuntu lxml Python package

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM:   python-lxml                     2.3.2-1ubuntu0.3   python3-lxml                    2.3.2-1ubuntu0.3 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3841-2

  https://ubuntu.com/security/notices/USN-3841-1

  CVE-2018-19787

Severity
critical
Lowest
Low
Medium
High
Critical

December 10, 2018

Topics%20covered

Topics Covered

security advisory update critical cross-site scripting Ubuntu lxml Python package

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here