Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-7000-1

Ubuntu Security Notice 7000-1 - Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos#perl

==========================================================================
Ubuntu Security Notice USN-7000-1
September 12, 2024

expat vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Expat.

Software Description:

  • expat: XML parsing C library

Details:

Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat did properly handle the potential
for an integer overflow on 32-bit platforms. An attacker could use this
issue to cause a denial of service or possibly execute arbitrary code.
(CVE-2024-45491, CVE-2024-45492)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
expat 2.6.1-2ubuntu0.1
libexpat1 2.6.1-2ubuntu0.1

Ubuntu 20.04 LTS
expat 2.2.9-1ubuntu0.7
libexpat1 2.2.9-1ubuntu0.7

Ubuntu 18.04 LTS
expat 2.2.5-3ubuntu0.9+esm1
Available with Ubuntu Pro
libexpat1 2.2.5-3ubuntu0.9+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
expat 2.1.0-7ubuntu0.16.04.5+esm9
Available with Ubuntu Pro
lib64expat1 2.1.0-7ubuntu0.16.04.5+esm9
Available with Ubuntu Pro
libexpat1 2.1.0-7ubuntu0.16.04.5+esm9
Available with Ubuntu Pro

Ubuntu 14.04 LTS
expat 2.1.0-4ubuntu1.4+esm9
Available with Ubuntu Pro
lib64expat1 2.1.0-4ubuntu1.4+esm9
Available with Ubuntu Pro
libexpat1 2.1.0-4ubuntu1.4+esm9
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7000-1
CVE-2024-45490, CVE-2024-45491, CVE-2024-45492

Package Information:
https://launchpad.net/ubuntu/+source/expat/2.6.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.7

Related news

Red Hat Security Advisory 2024-7599-03

Red Hat Security Advisory 2024-7599-03 - Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, integer overflow, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-6754-03

Red Hat Security Advisory 2024-6754-03 - An update for expat is now available for Red Hat Enterprise Linux 9. Issues addressed include an integer overflow vulnerability.

Debian Security Advisory 5770-1

Debian Linux Security Advisory 5770-1 - Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.

Ubuntu Security Notice USN-7000-2

Ubuntu Security Notice 7000-2 - USN-7000-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for Ubuntu 22.04 LTS. Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-7001-2

Ubuntu Security Notice 7001-2 - USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-7001-1

Ubuntu Security Notice 7001-1 - Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-7001-1

Ubuntu Security Notice 7001-1 - Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Packet Storm: Latest News

TOR Virtual Network Tunneling Tool 0.4.8.13