Thursday, January 16, 2025

[USN-7215-1] libxml2 vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeJPxYFAwAAAAAACgkQZWnYVadEvpPP
1A//X2tmvsu4oLHEA/3yfP+sVUrOrHeeE53ZIDt0XQ8HCcJcxFPH8aYO95gO94ao8Tw8acyrnGSu
gBOEfFHEOCnmqmokKuadd6Ykoo935+ytMpaxko9eXpzU0NA/HjChHMFwilPvgJqHJfuXJ9QXVPzM
Of31xNpMwQFA91W8wAEdNro/W8nQtfSoaykG4CHaVquKaZC/j0KyMRVhxQpfG7sxRwMxIQqVHuWN
e4R8L4Fe//F5ctYyaZfsTt8Zxj+XMXKEshFGWnSXrX9f0LyIR7DM/Q9O4ufuBgKgTmcMyYX71cO5
7VTp2PiAQrnOYnRQDzJPuwfF7q/hsAyjM5usI1iTmV+aFO57HKwFg3mnN+RmYY3yYpMBz0PuIIfk
o7Abui8kvL2S6oUPBRIRM8GCbmLX9zsSQUM3dw2KXf6AQEXbE28ml482ICpxeH27ay+fUFYb4Fvq
xy+rkBEUybl+O6yxlTnp00DMOamgqMdKLqwg6BYC38+85YIJtZiowD/Mby+szSuJB5ALKiVh8jnB
7E4pnVdT6BC1sm1nQi5t5jkJ/kqqBc/pOw7/DKU3BfYQcTFevFe4gQbdZlS1zY/LLnrcF5miv9Ph
oFwr92fnoRFBilPebipfGFx6I+BQT/eJCnOfIqB1RjGFyr5cGpekHZGLUz3eHA4EpSSOb+z60Hx6
xAg=
=YLgt
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7215-1
January 16, 2025

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

libxml2 could be made to expose sensitive information over the network.

Software Description:
- libxml2: GNOME XML library

Details:

Xisco Fauli discovered that libxml2 incorrectly handled custom SAX
handlers. A remote attacker could possibly use this issue to perform XML
External Entity (XXE) attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
libxml2 2.12.7+dfsg-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7215-1
CVE-2024-40896

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.12.7+dfsg-3ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)