
Ubuntu 16.04 LTS USN-6274-1: XMLTooling Server-Side Action Threat

August 3, 2023
Unforeseen server behaviors linked to OpenSSL weakness outlined in Ubuntu Security Notice USN-6298-1 from September 2023.
XMLTooling could be made to allow for unintended server side actions if it received specially crafted input.

Summary

XMLTooling could be made to allow for unintended server side actions
if it received specially crafted input.

Software Description:

- xmltooling: C++ XML parsing library with encryption support

Details:

Jurien de Jong discovered that XMLTooling did not properly handle certain
KeyInfo element content within an XML signature. An attacker could possibly
use this issue to achieve server-side request forgery.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libxmltooling6v5                1.5.6-2ubuntu0.3+esm1

After a standard system update you need to restart the
shibd process to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6274-1

  CVE-2023-36661

Severity
critical

Ubuntu Security Notice USN-6274-1
