Ubuntu alert USN-7945-1 (libxslt)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-7945-1] Libxslt vulnerability
Date:
             
 
Wed, 07 Jan 2026 14:44:45 +0000
Message-ID:
             
 
<E1vdUmD-0008Vb-HH@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7945-1
January 07, 2026

libxslt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Libxslt could be made to crash or exhibit undefined behavior if it opened a
specially crafted file.

Software Description:
- libxslt: XSLT processing library

Details:

Ivan Fratric discovered that Libxslt was vulnerable to type confusion when
performing XML transformations. An attacker could possibly use this issue
to cause Libxslt to crash or corrupt memory, causing a denial of service or
undefined behavior.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libxslt1.1                      1.1.39-0exp1ubuntu4.1
  xsltproc                        1.1.39-0exp1ubuntu4.1

Ubuntu 24.04 LTS
  libxslt1.1                      1.1.39-0exp1ubuntu0.24.04.3
  xsltproc                        1.1.39-0exp1ubuntu0.24.04.3

Ubuntu 22.04 LTS
  libxslt1.1                      1.1.34-4ubuntu0.22.04.5
  xsltproc                        1.1.34-4ubuntu0.22.04.5

Ubuntu 20.04 LTS
  libxslt1.1                      1.1.34-4ubuntu0.20.04.3+esm2
                                  Available with Ubuntu Pro
  xsltproc                        1.1.34-4ubuntu0.20.04.3+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libxslt1.1                      1.1.29-5ubuntu0.3+esm3
                                  Available with Ubuntu Pro
  xsltproc                        1.1.29-5ubuntu0.3+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libxslt1.1                      1.1.28-2.1ubuntu0.3+esm4
                                  Available with Ubuntu Pro
  xsltproc                        1.1.28-2.1ubuntu0.3+esm4
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libxslt1.1                      1.1.28-2ubuntu0.2+esm5
                                  Available with Ubuntu Pro
  xsltproc                        1.1.28-2ubuntu0.2+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7945-1
  CVE-2025-7424

Package Information:
  https://launchpad.net/ubuntu/+source/libxslt/1.1.39-0exp1...
  https://launchpad.net/ubuntu/+source/libxslt/1.1.39-0exp1...
  https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubun...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlecSYACgkQcpJm3tlz
hgGU7A/+OIZXLy514yb/71JbzFOD2ZqMud2Vr29s+eXNBksQeDuy2z4yPhQHfMRq
zfP2XCY/ulGhkZrR7HG8hePsv6iA03lFV2vQXj5IkXMBK/HynqNzI54MVYHgYeON
SlimPiiFvyGOAtbQh9muWhSviD9x1Kw4yfPBk1dNAk/7OSKjf40cYUGFVlOGWM6Y
/SapEM1tkdrHfm2CpHbrn6vuJSuHjrPVvjQ7mC987w7JcNuxks1r4LuEYhVOIyYY
vOJ1fGGhNn7fxAr98AlK8/K0e/bBfobs6B1P34rYtdztCZ+ISLsXoaXdJnO2Cl2W
cj8Dz/OpBE2zVdHi+n4+RO7KPk2vP1uT5EwXql4ui4GM+4dzugeHxb2MfjA3j6hh
UBiULC0Elvra2pIP/3t0kMzZN166CV2dDllb2mqfpucfgvGVyqr3ZdgJKkSQzziS
b2jdiDbwE+ULGQzK0BtPn6/S/COB62qDfxZKOcwIi01LuU68cAX43Vzxcwftxe1r
1Qad4KtjE+9+ME2Yw/7wLlO9Vbbp7si36S5Ze7wD+uViGo0y8qrcPt8U+/kJa2hB
qM3TKdmZxTZN22Jc1/JGBivJ8lpHKQLzjk1A9vBD0wz14ZBW5IFBkToCsh+YdAwM
oFcGFNfnWucjoJ92rZm2wU8Z8mUsoH4V55qnxowXvt0K7Cyh39s=
=c7OA
-----END PGP SIGNATURE-----