USN-7145-1: Expat vulnerability
10 December 2024
Expat could be made to crash if an unstarted parser was resumed.
Releases
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- expat - XML parsing C library
Details
It was discovered that Expat did not properly handle its internal state
when attempting to resume an unstarted parser. An attacker could use this
issue to cause a denial of service (application crash).
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.10
Ubuntu 24.04
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
- expat - 2.2.5-3ubuntu0.9+esm2 (Available with Ubuntu Pro)
- libexpat1 - 2.2.5-3ubuntu0.9+esm2 (Available with Ubuntu Pro)
- libexpat1-dev - 2.2.5-3ubuntu0.9+esm2 (Available with Ubuntu Pro)
Ubuntu 16.04
- expat - 2.1.0-7ubuntu0.16.04.5+esm10 (Available with Ubuntu Pro)
- lib64expat1 - 2.1.0-7ubuntu0.16.04.5+esm10 (Available with Ubuntu Pro)
- lib64expat1-dev - 2.1.0-7ubuntu0.16.04.5+esm10 (Available with Ubuntu Pro)
- libexpat1 - 2.1.0-7ubuntu0.16.04.5+esm10 (Available with Ubuntu Pro)
- libexpat1-dev - 2.1.0-7ubuntu0.16.04.5+esm10 (Available with Ubuntu Pro)
Ubuntu 14.04
- expat - 2.1.0-4ubuntu1.4+esm10
- lib64expat1 - 2.1.0-4ubuntu1.4+esm10
- lib64expat1-dev - 2.1.0-4ubuntu1.4+esm10
- libexpat1 - 2.1.0-4ubuntu1.4+esm10
- libexpat1-dev - 2.1.0-4ubuntu1.4+esm10
In general, a standard system update will make all the necessary changes.