- Vulnerability/
- USN-5288-1
USN-5288-1: Expat vulnerabilities
First published: Mon Feb 21 2022(Updated: )
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libexpat1 | <2.4.1-2ubuntu0.1 | 2.4.1-2ubuntu0.1 |
| =21.10 | ||
| All of | ||
| ubuntu/libexpat1 | <2.2.9-1ubuntu0.2 | 2.2.9-1ubuntu0.2 |
| =20.04 | ||
| All of | ||
| ubuntu/libexpat1 | <2.2.5-3ubuntu0.4 | 2.2.5-3ubuntu0.4 |
| =18.04 | ||
| All of | ||
| ubuntu/libexpat1 | <2.1.0-7ubuntu0.16.04.5+esm2 | 2.1.0-7ubuntu0.16.04.5+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/lib64expat1 | <2.1.0-7ubuntu0.16.04.5+esm2 | 2.1.0-7ubuntu0.16.04.5+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libexpat1 | <2.1.0-4ubuntu1.4+esm4 | 2.1.0-4ubuntu1.4+esm4 |
| =14.04 | ||
| All of | ||
| ubuntu/lib64expat1 | <2.1.0-4ubuntu1.4+esm4 | 2.1.0-4ubuntu1.4+esm4 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2022-22823
- https://ubuntu.com/security/CVE-2021-45960
- https://ubuntu.com/security/CVE-2022-25235
- https://ubuntu.com/security/CVE-2022-25236
- https://ubuntu.com/security/CVE-2022-22825
- https://ubuntu.com/security/CVE-2022-22827
- https://ubuntu.com/security/CVE-2022-22826
- https://ubuntu.com/security/CVE-2021-46143
- https://ubuntu.com/security/CVE-2022-23990
- https://ubuntu.com/security/CVE-2022-22824
- https://ubuntu.com/security/CVE-2022-23852
- https://ubuntu.com/security/CVE-2022-22822
- https://ubuntu.com/security/notices/USN-5455-1
- https://launchpad.net/ubuntu/+source/expat/2.4.1-2ubuntu0.1
- https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.2
- https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.4
- https://ubuntu.com/security/notices/USN-5288-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID of this security advisory?
USN-5288-1
What is the title of this security advisory?
Expat vulnerabilities
What is the description of the vulnerability?
The Expat library incorrectly handles certain files, which could allow an attacker to cause a crash or execute arbitrary code.
Which software is affected by this vulnerability?
The vulnerabilities affect Ubuntu 21.10, 20.04, 18.04, 16.04, and 14.04 versions of the libexpat1 and lib64expat1 packages.
Where can I find more information about the vulnerabilities?
You can find more information about the vulnerabilities in the Ubuntu security advisories: [CVE-2022-22823](https://ubuntu.com/security/CVE-2022-22823), [CVE-2021-45960](https://ubuntu.com/security/CVE-2021-45960), [CVE-2022-25235](https://ubuntu.com/security/CVE-2022-25235).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-5455-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/21.10
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04