USN-5638-1: Expat vulnerability
26 September 2022
Expat could be made to crash or execute arbitrary code.
Releases
Packages
- expat - XML parsing C library
Details
Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
expat
-
2.1.0-7ubuntu0.16.04.5+esm6
Available with Ubuntu Pro
-
libexpat1
-
2.1.0-7ubuntu0.16.04.5+esm6
Available with Ubuntu Pro
-
lib64expat1
-
2.1.0-7ubuntu0.16.04.5+esm6
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.