Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu Security Update 7240-1: libxml2 Denial of Service Risks

ubuntu
Calendar Grey January 29, 2025
Dist Ubuntu Esm H88
Multiple vulnerabilities resolved in libxml2 impacting Ubuntu LTS versions. Upgrade your system for enhanced protection.
Several security issues were fixed in libxml2.

Summary

Several security issues were fixed in libxml2.

Software Description:

- libxml2: GNOME XML library

Details:

It was discovered that libxml2 incorrectly handled certain memory

operations. A remote attacker could use this issue to cause libxml2 to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2022-49043)

It was discovered that the libxml2 xmllint tool incorrectly handled

certain memory operations. If a user or automated system were tricked into

running xmllint on a specially crafted xml file, a remote attacker could

cause xmllint to crash, resulting in a denial of service. (CVE-2024-34459)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libxml2                         2.9.14+dfsg-1.3ubuntu3.1

Ubuntu 22.04 LTS
   libxml2                         2.9.13+dfsg-1ubuntu0.5

Ubuntu 20.04 LTS
   libxml2                         2.9.10+dfsg-5ubuntu0.20.04.8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7240-1

CVE-2022-49043, CVE-2024-34459

Severity
medium
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7240-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here