USN-7000-1: Expat vulnerabilities

Packages

expat - XML parsing C library

Details

Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat did not properly handle the
potential for an integer overflow on 32-bit platforms. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45491, CVE-2024-45492)

Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat did not properly handle the
potential for an integer overflow on 32-bit platforms. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45491, CVE-2024-45492)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
24.04 noble	expat – 2.6.1-2ubuntu0.1
24.04 noble	libexpat1 – 2.6.1-2ubuntu0.1
20.04 focal	expat – 2.2.9-1ubuntu0.7
20.04 focal	libexpat1 – 2.2.9-1ubuntu0.7
18.04 bionic	expat – 2.2.5-3ubuntu0.9+esm1
18.04 bionic	libexpat1 – 2.2.5-3ubuntu0.9+esm1
16.04 xenial	expat – 2.1.0-7ubuntu0.16.04.5+esm9
	lib64expat1 – 2.1.0-7ubuntu0.16.04.5+esm9
	libexpat1 – 2.1.0-7ubuntu0.16.04.5+esm9
14.04 trusty	expat – 2.1.0-4ubuntu1.4+esm9
	lib64expat1 – 2.1.0-4ubuntu1.4+esm9
	libexpat1 – 2.1.0-4ubuntu1.4+esm9

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices