|
|
Log in / Subscribe / Register

Ubuntu alert USN-8174-1 (libxml-parser-perl)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8174-1] XML::Parser vulnerabilities


Date:
              Tue, 14 Apr 2026 10:55:27 +0000


Message-ID:
              <E1wCbQV-0001qH-FF@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8174-1
April 14, 2026

libxml-parser-perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in XML::Parser.

Software Description:
- libxml-parser-perl: Perl module for parsing XML files

Details:

It was discovered that XML::Parser incorrectly handled certain multi-byte
UTF-8 characters. If a user or automated system were tricked into
processing specially crafted XML data, a remote attacker could use this
issue to cause XML::Parser to crash, resulting in a denial of service or to
possibly execute arbitrary code. (CVE-2006-10002)

It was discovered that XML::Parser incorrectly handled very deep element
nesting. If a user or automated system were tricked into processing
specially crafted XML data, a remote attacker could use this issue to cause
XML::Parser to crash, resulting in a denial of service or to possibly
execute arbitrary code (CVE-2006-10002)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libxml-parser-perl              2.47-1ubuntu0.25.10.1

Ubuntu 24.04 LTS
  libxml-parser-perl              2.47-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
  libxml-parser-perl              2.46-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8174-1
  CVE-2006-10002, CVE-2006-10003

Package Information:
  https://launchpad.net/ubuntu/+source/libxml-parser-perl/2...
  https://launchpad.net/ubuntu/+source/libxml-parser-perl/2...
  https://launchpad.net/ubuntu/+source/libxml-parser-perl/2...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmneHKgACgkQcpJm3tlz
hgGPqg//TaBVGSW9gkOEg9tASmEMVfrFg8DZQA3XLp8D+4R4dtj3jDxcsymrI44w
tPP2qCDTHm2QeAdfczqVwVuM/SExpPyUY1COzx9WBPzEt81NsgTydBtLa7ke0nK+
KJFl6dXVgFSBv2ZhTsrwZ/cRL1TibCvs5gxxk1jrKE+RXpIkGxBxMDJc2rXrU6Gf
9V7axb/HL5Ahxp8zTG4pW6y70u7V5OeEtqMHj6E2RIqlnGI3Pt7oWB/0MUbiNIXv
b6rJbHysy4NwvNQLErnVpLTYktmMBRDRL8LARnKqgKsXjlWWE4FBp6IYPLiQJbpu
10jGO43PXMQYSDop+f1TbSthHmCCV7u0h/emITYp10pJMDb8AdirVJVECMEUy6Ju
DPlPsXhr2bW8duGWquLf/a5/rS5obo2V3YC1VPA9cAnO14EInXkd9yuttac1zGPY
MjxKS5TYlPWMPTbCyBuqhUDIA84GQqTBYFYJ+Hj6YsGRuCSjV6B/olYXmdQQBqsF
A1rP7KGnCxJeI3eCqpEZpa3UOuAeF/TXDH+7WmhMiTV0oG/QG+FSFb9YelJMcdKu
ckgfJ0B4ZoqXuXr1Mxm1J0WIFrDZsB4SE2O6zzIACEEpdzya8Kzt22XNC60r5Hru
srsY0FVL4OnOPF4aBexiEzGgCAHhbGHx3vATezgLLxMwpF5xjdw=
=oXKf
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds