Ubuntu Security Notice 5638-2 - USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-5638-2
November 17, 2022
expat vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Expat could be made to crash or execute arbitrary code.
Software Description:
- expat: XML parsing C library
Details:
USN-5638-1 fixed a vulnerability in Expat. This update provides
the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS.
Original advisory details:
Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
expat 2.4.7-1ubuntu0.1
libexpat1 2.4.7-1ubuntu0.1
Ubuntu 20.04 LTS:
expat 2.2.9-1ubuntu0.5
libexpat1 2.2.9-1ubuntu0.5
Ubuntu 18.04 LTS:
expat 2.2.5-3ubuntu0.8
libexpat1 2.2.5-3ubuntu0.8
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5638-2
https://ubuntu.com/security/notices/USN-5638-1
CVE-2022-40674, CVE-2022-43680
Package Information:
https://launchpad.net/ubuntu/+source/expat/2.4.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.5
https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.8