Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 24.04 LTS USN-8023-1 libxmltok Important Denial of Service

ubuntu
Calendar Grey February 11, 2026
Dist Ubuntu Esm H88
Several security issues in xmltok library affect Ubuntu users. Recommendations provided for updates to ensure protection.
Several security issues were fixed in the xmltok library.

Summary

Several security issues were fixed in the xmltok library.

Software Description:

- libxmltok: XML Parser Toolkit, runtime libraries

Details:

It was discovered that Expat, contained within the xmltok library, incorrectly

handled the initialization of parsers for external entities. An attacker could

possibly use this issue to cause a denial of service. (CVE-2026-24515)

It was discovered that Expat, contained within the xmltok library, incorrectly

handled integer calculations when allocating memory for XML tags. An attacker

could possibly use this issue to cause a denial of service or execute arbitrary

code. (CVE-2026-25210)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libxmltok1t64                   1.2-4.1ubuntu2.24.0.4.1+esm4
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libxmltok1                      1.2-4ubuntu0.22.04.1~esm6
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libxmltok1                      1.2-4ubuntu0.20.04.1~esm6
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libxmltok1                      1.2-4ubuntu0.18.04.1~esm6
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libxmltok1                      1.2-3ubuntu0.16.04.1~esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8023-1

CVE-2026-24515, CVE-2026-25210

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8023-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.