Ubuntu alert USN-8313-1 (xmlrpc-c)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8313-1] XML-RPC for C and C++ vulnerabilities | |
| Date: | Wed, 27 May 2026 10:24:55 +0000 | |
| Message-ID: | <E1wSBRX-0002XG-7C@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8313-1 May 27, 2026 xmlrpc-c vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in XML-RPC for C and C++. Software Description: - xmlrpc-c: Lightweight RPC library based on XML and HTTP Details: It was discovered that Expat, vendored in XML-RPC, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libxmlrpc-c++8t64 1.33.14-12ubuntu0.1~esm1 Available with Ubuntu Pro libxmlrpc-core-c3t64 1.33.14-12ubuntu0.1~esm1 Available with Ubuntu Pro xmlrpc-api-utils 1.33.14-12ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libxmlrpc-c++8v5 1.33.14-10ubuntu0.1~esm1 Available with Ubuntu Pro libxmlrpc-core-c3 1.33.14-10ubuntu0.1~esm1 Available with Ubuntu Pro xmlrpc-api-utils 1.33.14-10ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libxmlrpc-c++8v5 1.33.14-8ubuntu0.20.04.1~esm1 Available with Ubuntu Pro libxmlrpc-core-c3 1.33.14-8ubuntu0.20.04.1~esm1 Available with Ubuntu Pro xmlrpc-api-utils 1.33.14-8ubuntu0.20.04.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libxmlrpc-c++8v5 1.33.14-8ubuntu0.18.04.1~esm1 Available with Ubuntu Pro libxmlrpc-core-c3 1.33.14-8ubuntu0.18.04.1~esm1 Available with Ubuntu Pro xmlrpc-api-utils 1.33.14-8ubuntu0.18.04.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libxmlrpc-c++8v5 1.33.14-1ubuntu1+esm1 Available with Ubuntu Pro libxmlrpc-core-c3 1.33.14-1ubuntu1+esm1 Available with Ubuntu Pro xmlrpc-api-utils 1.33.14-1ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 14.04 LTS libxmlrpc-c++8 1.33.06-0ubuntu1+esm1 Available with Ubuntu Pro libxmlrpc-core-c3 1.33.06-0ubuntu1+esm1 Available with Ubuntu Pro xmlrpc-api-utils 1.33.06-0ubuntu1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8313-1 CVE-2022-25235, CVE-2022-25236
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoWxgQACgkQcpJm3tlz hgFDbA//SN9TMmuP1i3HL9YaV1w9J3bkSbaRQ6II+WUWjhC+MDBcO1doBo2oa7vK KGxDffDv/TF840ej0eexl6a6O9XwM9YtCHtrpF4BmJpslLDUyl+0gUu2vfRAzSOJ IdDgZz90/P77JxXsPL6KRK1F0eXrU1FQb5DQUU9hTFxL1vRuDPE5TQudW//bMCo8 HHMrYxKai4PEhbPTiAT8xJRhaIsqornLhjkYqTVeoF2vpCXWpSUBVIg3W8ZnOrON lTsLaQ+z+1k+M0GectEUUT5A3X3eyXmNiA/9S3kWi74s+EuoQdIqTRggVgGVXm7F DaUqSEdz+XKR5wp+taNuZ0doaGQ/2l05h24dedZdmo9VKykCi3YXtgMjL0po6DfE zoATQdzjzeqbgI2BmCmSHWoF+oo2AOSV7o8n0mO8P2deU9eNmpUYpE2bGbtDsmoj QdUokcuCDC3ovc8RToBVo685R03WU56zACl+MHBRYJZfIbRRV4hNeHwT9usyCKK1 cfGRjG3eK6Qlv1xpqy/qrQxcCfxbdbgV4IEFM5Am1z+TwNLyVsBlP6FzYVOXT7yr 1EdQZWcsJkXZk/bkQfNbcN/gNIIxZgwTKI7voA8WmFmlKmYzYB198lwR8KGfVJ92 /2jb4/wikIkyR3jSRnHI9h3O+jFo7IKKHycocE111qyxneilghk= =VQsN -----END PGP SIGNATURE-----