USN-5638-3: Expat vulnerability
23 November 2022
Expat could be made to crash or execute arbitrary code.
Releases
Packages
- expat - XML parsing C library
Details
USN-5638-1 fixed a vulnerability in Expat. This update provides
the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43680)
This update also fixes a minor regression introduced in
Ubuntu 18.04 LTS.
We apologize for the inconvenience.
Original advisory details:
Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
-
expat
-
2.1.0-7ubuntu0.16.04.5+esm7
Available with Ubuntu Pro
-
libexpat1
-
2.1.0-7ubuntu0.16.04.5+esm7
Available with Ubuntu Pro
-
lib64expat1
-
2.1.0-7ubuntu0.16.04.5+esm7
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5638-2: expat, libexpat1, libexpat1-dev
- USN-5638-4: lib64expat1, libexpat1, lib64expat1-dev, libexpat1-dev, expat