USN-7001-2

See a problem?

Source

https://ubuntu.com/security/notices/USN-7001-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7001-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-7001-2

Related

Published

2024-09-17T11:54:23.486928Z

Modified

2024-09-17T11:54:23.486928Z

Summary

libxmltok vulnerabilities

Details

USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2024-45491)

References

Affected packages

Ubuntu:Pro:24.04:LTS / libxmltok

Package

Name: libxmltok
Purl: pkg:deb/ubuntu/libxmltok@1.2-4.1ubuntu2.24.0.4.1+esm1?arch=src?distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2-4.1ubuntu2.24.0.4.1+esm1

Affected versions

1.*

1.2-4ubuntu1

1.2-4.1ubuntu1

1.2-4.1ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libxmltok1t64": "1.2-4.1ubuntu2.24.0.4.1+esm1",
            "libxmltok1-dev": "1.2-4.1ubuntu2.24.0.4.1+esm1",
            "libxmltok1t64-dbgsym": "1.2-4.1ubuntu2.24.0.4.1+esm1"
        }
    ]
}