Ubuntu 5525-1: Apache XML Security for Java vulnerability | LinuxSe...

Advisories

==========================================================================
Ubuntu Security Notice USN-5525-1
July 20, 2022

libxml-security-java vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Apache XML Security for Java could be made to expose sensitive information.

Software Description:
- libxml-security-java: Apache XML Security for Java

Details:

It was discovered that Apache XML Security for Java incorrectly passed a
configuration property when creating specific key elements. This allows an
attacker to abuse an XPath Transform to extract sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libxml-security-java 2.0.10-2+deb11u1build0.20.04.1

Ubuntu 18.04 LTS:
libxml-security-java 2.0.10-2~18.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5525-1
CVE-2021-40690

Package Information:
https://launchpad.net/ubuntu/+source/libxml-security-java/2.0.10-2+deb11u1build0.20.04.1
https://launchpad.net/ubuntu/+source/libxml-security-java/2.0.10-2~18.04.1

Ubuntu 5525-1: Apache XML Security for Java vulnerability

July 20, 2022

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Apache XML Security for Java could be made to expose sensitive information. Software Description: - libxml-security-java: Apache XML Security for Java Details: It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libxml-security-java 2.0.10-2+deb11u1build0.20.04.1 Ubuntu 18.04 LTS: libxml-security-java 2.0.10-2~18.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5525-1

CVE-2021-40690

Severity
Ubuntu Security Notice USN-5525-1

Package Information

https://launchpad.net/ubuntu/+source/libxml-security-java/2.0.10-2+deb11u1build0.20.04.1 https://launchpad.net/ubuntu/+source/libxml-security-java/2.0.10-2~18.04.1

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.