Security News

Cybersecurity news aggregator

🐧
MEDIUM Vulnerabilities Ubuntu Security

USN-8023-1: xmltok library vulnerabilities

ubuntulibxmltokcve-2026-24515cve-2026-25210
  • What: Multiple vulnerabilities were discovered in the xmltok library, specifically in the Expat XML parser.
  • Impact: An attacker could cause a denial of service or execute arbitrary code due to incorrect handling of parser initialization and integer calculations.
  • Affected: libxmltok library on Ubuntu systems.
  • CVE: CVE-2026-24515, CVE-2026-25210
Read Full Article →

Ubuntu Security Notices USN-8023-1 USN-8023-1: xmltok library vulnerabilities Publication date 11 February 2026 Overview Several security issues were fixed in the xmltok library. Releases 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS Packages libxmltok - XML Parser Toolkit, runtime libraries Details It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. ( CVE-2026-24515 ) It was discovered that Expat, contained within the xmltok library, incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. ( CVE-2026-25210 ) It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. ( CVE-2026-24515 ) It was discovered that Expat, contained within the xmltok library, incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. ( CVE-2026-25210 ) Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 24.04 LTS noble libxmltok1t64 – 1.2-4.1ubuntu2.24.0.4.1+esm4 22.04 LTS jammy libxmltok1 – 1.2-4ubuntu0.22.04.1~esm6 20.04 LTS focal libxmltok1 – 1.2-4ubuntu0.20.04.1~esm6 18.04 LTS bionic libxmltok1 – 1.2-4ubuntu0.18.04.1~esm6 16.04 LTS xenial libxmltok1 – 1.2-3ubuntu0.16.04.1~esm5 Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2026-25210 CVE-2026-24515 CVE-2026-25210 CVE-2026-24515 USN-8022-1 USN-8022-1

Related Articles

MEDIUM USN-8022-2: Expat vulnerabilities Ubuntu Security MEDIUM Multiples vulnérabilités dans Tenable Nessus (06 février 2026) CERT-FR (ANSSI) MEDIUM USN-8022-1: Expat vulnerabilities Ubuntu Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn