First published: Tue Jul 19 2022(Updated: )
Tim Boddy, Gustavo Grieco and others discovered that Expat, that is integrated in xmltok library, incorrectly handled certain files. An attacker could possibly use these issues to cause a denial of service, or possibly execute arbitrary code. These issues were only addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) It was discovered that Expat, that is integrated in xmltok library, incorrectly handled encoding validation of certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-25235) It was discovered that Expat, that is integrated in xmltok library, incorrectly handled namespace URIs of certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-25236)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libxmltok1 | <1.2-4ubuntu0.22.04.1~esm1 | 1.2-4ubuntu0.22.04.1~esm1 |
=22.04 | ||
All of | ||
ubuntu/libxmltok1 | <1.2-4ubuntu0.20.04.1~esm1 | 1.2-4ubuntu0.20.04.1~esm1 |
=20.04 | ||
All of | ||
ubuntu/libxmltok1 | <1.2-4ubuntu0.18.04.1~esm1 | 1.2-4ubuntu0.18.04.1~esm1 |
=18.04 | ||
All of | ||
ubuntu/libxmltok1 | <1.2-3ubuntu0.16.04.1~esm2 | 1.2-3ubuntu0.16.04.1~esm2 |
=16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID of this advisory is USN-5455-1.
The title of this advisory is USN-5455-1: xmltok library vulnerabilities.
The severity of USN-5455-1 is not specified in the information provided.
Ubuntu versions 22.04, 20.04, 18.04, and 16.04 are affected by USN-5455-1.
To fix USN-5455-1, update the libxmltok1 package to the specified remedy version for your Ubuntu version.