USN-7000-2: Expat vulnerabilities

Releases

• Ubuntu 22.04 LTS

Packages

• expat - XML parsing C library

Details

USN-7000-1 fixed vulnerabilities in Expat. This update
provides the corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat did not properly handle the
potential for an integer overflow on 32-bit platforms. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45491, CVE-2024-45492)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• expat - 2.4.7-1ubuntu0.4
• libexpat1 - 2.4.7-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References

• CVE-2024-45492
• CVE-2024-45491
• CVE-2024-45490

Related notices

• USN-7000-1: lib64expat1-dev, lib64expat1, libexpat1, libexpat1-dev, expat
• USN-7001-1: libxmltok1-dev, libxmltok1, libxmltok
• USN-7001-2: libxmltok1-dev, libxmltok1t64, libxmltok