Several security issues were fixed in the xmltok library.

==========================================================================
Ubuntu Security Notice USN-8023-1
February 11, 2026

libxmltok vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the xmltok library.

Software Description:
- libxmltok: XML Parser Toolkit, runtime libraries

Details:

It was discovered that Expat, contained within the xmltok library,
incorrectly handled the initialization of parsers for external entities.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2026-24515)

It was discovered that Expat, contained within the xmltok library,
incorrectly handled integer calculations when allocating memory for XML
tags. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2026-25210)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libxmltok1t64                   1.2-4.1ubuntu2.24.0.4.1+esm4
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libxmltok1                      1.2-4ubuntu0.22.04.1~esm6
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libxmltok1                      1.2-4ubuntu0.20.04.1~esm6
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libxmltok1                      1.2-4ubuntu0.18.04.1~esm6
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libxmltok1                      1.2-3ubuntu0.16.04.1~esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8023-1
  CVE-2026-24515, CVE-2026-25210

Several security issues in the xmltok library affect Ubuntu users. Recommendations are provided for updates to ensure protection.

Severity: Important
LinuxSecurity.com Team
An update for mingw-expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mingw-expat security update
Advisory ID:       RHSA-2023:3068-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3068
Issue date:        2023-05-16
CVE Names:         CVE-2022-40674
====================================================================

1. Summary:

An update for mingw-expat is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux CRB (v. 8) - noarch

3. Description:

Expat is a C library for parsing XML documents. The mingw-expat packages
provide a port of the Expat library for MinGW.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux CRB (v. 8):

Source:
mingw-expat-2.4.8-2.el8.src.rpm

noarch:
mingw32-expat-2.4.8-2.el8.noarch.rpm
mingw32-expat-debuginfo-2.4.8-2.el8.noarch.rpm
mingw64-expat-2.4.8-2.el8.noarch.rpm
mingw64-expat-debuginfo-2.4.8-2.el8.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZGNu8NzjgjWX9erEAQiQtRAAh6NrHbZB8HPv/kwbdws7WxdctjqZ4GcT
3mWKMxDujeyUgi4nKQ7Vid+GENP/OAnQ22Qa5Y8LTorMaRo6yuPwDVfUXgj7Mnda
5sUPudaqD21K+zcLF9d0CbeF65mlCFbSqHcxTWyjdlndKOp/Grg4cwVsN1ivLFQw
HLXfvBPWhd40q0tvypbsgYnRZVOB7Zx9icIbgmsA4Xlrlu0u403g4c4NVT3xn8hc
yH5BHuTf7Mc7QVC1aDAeatWTnIkd8W+jYgWFcOYrrnj1CPVdcMfVTlSAiCBi4/Yz
L2WScrQjAYqpADQIJTD9xqDl1uYAlpDDHJZ/et13DpVuFIAhIGDPGPQ5aPewsMtZ
cEdFG4STbc9qKmh4HzscPlu+1gwqySoQI43A3iaSBEY7j0StEokPNINPAUCqy/vG
NTOY1uLXw6ZHNafeRGXnhMPI8PvuYiYPktYE7VAb/n6ztsKUuEccB9FxB0hCaeU/
M3sySHve6OQMQp3Ny+TsA7YFbSH8q1p94U++16ZVyfJzclrW8QTu8YSYYpoaRhLi
0s99DyKJl8jlWeCVTJNGG/eT57/eDyaJCdKlGWhWsF5ASlFxgsIGgovzOId1fA28
XS9jeQcHKoSYd3+HgyTi22x5AR8+Gwhp7yURbUP09iR4SrZnBsBsdm2GyGG1t6g8
fPAhGF/mLqA=/UAX
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
XML Security Library could be made to crash if it opened a specially crafted file.

=========================================================================
Ubuntu Security Notice USN-5674-1
October 13, 2022

xmlsec1 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

XML Security Library could be made to crash if it opened a specially
crafted file.

Software Description:
- xmlsec1: XML security command line processor

Details:

It was discovered that XML Security Library incorrectly handled certain
input documents. An attacker could possibly use this issue to obtain
sensitive information or cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libxmlsec1                      1.2.20-2ubuntu4+esm1
  xmlsec1                         1.2.20-2ubuntu4+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5674-1
  CVE-2017-1000061

A critical vulnerability exists in the XML Security Library on Ubuntu 16.04 ESM. It can lead to system crashes and data leakage, requiring immediate patching and assessments.

Severity: Critical
LinuxSecurity.com Team
## 1.4.3 (12, Nov 2019)
### Security Improvements:
- Insure only a single SignedInfo element exists within a signature during verification. Refs [CVE-2019-3465](https://nvd.nist.gov/vuln/detail/CVE-2019-3465).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-af82229ae5
2020-04-25 02:14:03.392898
--------------------------------------------------------------------------------

Name        : php-robrichards-xmlseclibs1
Product     : Fedora 32
Version     : 1.4.3
Release     : 1.fc32
URL         : https://github.com/robrichards/xmlseclibs
Summary     : A PHP library for XML Security (version 1)
Description :
xmlseclibs is a library written in PHP for working with XML Encryption and
Signatures.

NOTE: php-mcrypt will not be automatically installed as a dependency of this
package so it will need to be "manually" installed if it is required --
specifically for the following XMLSecurityKey encryption types:
- XMLSecurityKey::AES128_CBC
- XMLSecurityKey::AES192_CBC
- XMLSecurityKey::AES256_CBC
- XMLSecurityKey::TRIPLEDES_CBC

Autoloader: /usr/share/php/robrichards-xmlseclibs/autoload.php

--------------------------------------------------------------------------------
Update Information:

## 1.4.3 (12, Nov 2019)
### Security Improvements:
- Insure only a single SignedInfo element exists within a signature during verification. Refs [CVE-2019-3465](https://nvd.nist.gov/vuln/detail/CVE-2019-3465).

--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 5 2020 Shawn Iwinski - 1.4.3-1
- Update to 1.4.3 (RHBZ #1771533, CVE-2019-3465)
- https://nvd.nist.gov/vuln/detail/CVE-2019-3465

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1771533 - php-robrichards-xmlseclibs1-1.4.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1771533

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-af82229ae5' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--
## 2.1.1
CVE-2019-3465 / https://simplesamlphp.org/security/201911-01

## 2.1.0
Backports changes from 3.0 branch.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-73d0fe1d15
2019-11-15 03:00:50.375490
--------------------------------------------------------------------------------

Name        : php-robrichards-xmlseclibs
Product     : Fedora 31
Version     : 2.1.1
Release     : 1.fc31
URL         : https://github.com/robrichards/xmlseclibs
Summary     : A PHP library for XML Security
Description :
xmlseclibs is a library written in PHP for working with XML Encryption and
Signatures.

NOTE: php-mcrypt will not be automatically installed as a dependency of this
package so it will need to be "manually" installed if it is required --
specifically for the following XMLSecurityKey encryption types:
- XMLSecurityKey::AES128_CBC
- XMLSecurityKey::AES192_CBC
- XMLSecurityKey::AES256_CBC
- XMLSecurityKey::TRIPLEDES_CBC

Autoloader: /usr/share/php/RobRichards/XMLSecLibs/autoload.php

--------------------------------------------------------------------------------
Update Information:

## 2.1.1
CVE-2019-3465 / https://simplesamlphp.org/security/201911-01

## 2.1.0
Backports changes from 3.0 branch

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 6 2019 Shawn Iwinski - 2.1.1-1
- Update to 2.1.1 (CVE-2019-3465)
- https://simplesamlphp.org/security/201911-01

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-73d0fe1d15' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--
Several vulnerabilities have been discovered in the GNOME XML library. The
Common Vulnerabilities and Exposures project identifies the following
problems:

Drew Yao discovered that missing input sanitising in the xmlBufferResize()
function may lead to an infinite loop, resulting in denial of service.

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1666-1