Ubuntu alert USN-8023-1 (libxmltok)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8023-1] xmltok library vulnerabilities | |
| Date: | Wed, 11 Feb 2026 14:33:37 +0000 | |
| Message-ID: | <E1vqBHd-0007uI-M4@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8023-1 February 11, 2026 libxmltok vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the xmltok library. Software Description: - libxmltok: XML Parser Toolkit, runtime libraries Details: It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515) It was discovered that Expat, contained within the xmltok library, incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-25210) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libxmltok1t64 1.2-4.1ubuntu2.24.0.4.1+esm4 Available with Ubuntu Pro Ubuntu 22.04 LTS libxmltok1 1.2-4ubuntu0.22.04.1~esm6 Available with Ubuntu Pro Ubuntu 20.04 LTS libxmltok1 1.2-4ubuntu0.20.04.1~esm6 Available with Ubuntu Pro Ubuntu 18.04 LTS libxmltok1 1.2-4ubuntu0.18.04.1~esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS libxmltok1 1.2-3ubuntu0.16.04.1~esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8023-1 CVE-2026-24515, CVE-2026-25210
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmMkxcACgkQcpJm3tlz hgH+wQ//bl0vsb8wxM9CjNWvc51dl6HZgzyk3JuXdKrz6VKwyUbUeaD+5Z6gEx8n tfAR2cc31jBLT8/zmH35Nx+eukRZecIFFdlKdgjktrHNoCSsl9W+ya8TY6BA+29U vDqtZ8LYz/HPgV66CkGrPYuQpaZsdZezwmcpEDSbmeuo5dZmZ0tkLZN4Rl79z8YY 5lMYC+vt9F5mcZK+6zVOphdCChJiJ9GX0txsHgBYxEhXwBRnCd7eeByksc1vD/ul cyAppjxjNq6W6ZxgTupB6vktgUGBGvVjFBEg9GdjZMSqH74J2UXdRC6thyPc180t E+n+6FXaCCUch7ETkMkDtcn41GGFAVuJa7KzQDvXgqll0/bgWBSnlety9/M249fc 8atMwhv1wy9WKEr2uPjUdpb3n4dKo8fSqlufFMUyBh6W5PX4hyvby12GzFUsoS2T s7mfSF4Rqj2sw4d0mok1tbV5T4DOi3CTEAo/N1x0GWlikCPmiHsdSgpabaWwJ28R Qwc2MTLq6z4fmp9ex1CUoUyRRQIA9wOrhLumQHvmhqdw6FGNwFTgwiq9ApxY50gA gowrNOxYC/5/cqnrRYMSWX0XuXKiobRBMYKSHwKDvSxRoRUNX/IJyuGmY1JxxHTM vaw9Yd/pcD5q8CUkWcyfGTy3pet9JGk0csSZzAopT21Gs14CIeY= =FYU9 -----END PGP SIGNATURE-----