Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 24.10: USN-7199-1 critical: libxmltok denial of service

ubuntu
Calendar Grey January 13, 2025
Dist Ubuntu Esm H88
Recent assessments show security vulnerabilities in libxmltok affecting Ubuntu releases. Users should upgrade to patched versions to enhance security and stability
Several security issues were fixed in libxmltok.

Summary

Several security issues were fixed in libxmltok.

Software Description:

- libxmltok: XML Parser Toolkit, runtime libraries

Details:

It was discovered that Expat, contained within the xmltok library,

incorrectly handled malformed XML data. If a user or application were

tricked into opening a crafted XML file, an attacker could cause a denial

of service, or possibly execute arbitrary code. (CVE-2015-1283,

CVE-2016-0718, CVE-2016-4472, CVE-2019-15903)

It was discovered that Expat, contained within the xmltok library,

incorrectly handled XML data containing a large number of colons, which

could lead to excessive resource consumption. If a user or application

were tricked into opening a crafted XML file, an attacker could possibly

use this issue to cause a denial of service. (CVE-2018-20843)

It was discovered that Expat, contained within the xmltok library,

incorrectly handled certain input, which could lead to an integer

overflow. If a user or application were...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libxmltok1t64                   1.2-4.1ubuntu3.1

Ubuntu 24.04 LTS
   libxmltok1t64                   1.2-4.1ubuntu2.24.0.4.1+esm2
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   libxmltok1                      1.2-4ubuntu0.22.04.1~esm4
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   libxmltok1                      1.2-4ubuntu0.20.04.1~esm4
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   libxmltok1                      1.2-4ubuntu0.18.04.1~esm4
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7199-1

  CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2018-20843,

  CVE-2019-15903, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823,

  CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7199-1

Package Information

  https://launchpad.net/ubuntu/+source/libxmltok/1.2-4.1ubuntu3.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here