USN-8247-1: OWSLib vulnerability

A vulnerability in OWSLib (CVE-2023-27476) allows arbitrary file reads via XML External Entity (XXE) injection because its XML parser does not properly disable entity resolution. The vulnerability affects multiple Ubuntu LTS releases, including 16.04, 18.04, 20.04, and 22.04. Patched versions are available via Ubuntu Pro's Extended Security Maintenance (ESM), such as python3-owslib version 0.25.0-1ubuntu0.1~esm1 for Ubuntu 22.04 LTS.

Publication date: 7 May 2026

Overview

OWSLib could be made to expose sensitive information.

Releases: 22.04 LTS, 20.04 LTS, 18.04 LTS, 16.04 LTS

Packages

owslib - Client library for Open Geospatial (OGC) web services

Details

It was discovered that OWSLib did not properly disable entity resolution within its XML parser. An attacker could possibly use this issue to read arbitrary files via a crafted XML payload.

Update instructions

In general, a standard system update will make all the necessary changes. The problem can be corrected by updating your system to the following package versions:

Ubuntu Release      Package          Version
22.04 LTS jammy     python3-owslib   0.25.0-1ubuntu0.1~esm1
20.04 LTS focal     python3-owslib   0.19.1-1ubuntu0.1~esm1
18.04 LTS bionic    python-owslib    0.16.0-1ubuntu0.1~esm1
18.04 LTS bionic    python3-owslib   0.16.0-1ubuntu0.1~esm1
16.04 LTS xenial    python-owslib    0.10.3-1ubuntu0.1~esm1
16.04 LTS xenial    python3-owslib   0.10.3-1ubuntu0.1~esm1

Each of these fixes is available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future.

References

CVE-2023-27476
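
A pre-parse gate for the issue described under Details, as an added example (not OWSLib's or Ubuntu's code): it uses Python's standard-library expat bindings to refuse XML that declares a DOCTYPE or any entity before the document is handed to another parser. The names scan and ForbiddenXML and the sample documents are constructed for illustration.

```python
# Added example: refuse XML that declares a DOCTYPE or entities before parsing.
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Document carries a DOCTYPE or an entity declaration."""


def scan(xml_bytes, allow_doctype=False):
    """Return None if xml_bytes is acceptable, else a string with the reason."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # allow_doctype lets a bare DOCTYPE through for services that still
        # send one; entity declarations stay blocked either way.
        if not allow_doctype:
            raise ForbiddenXML(f"DOCTYPE declared for <{name}>")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        kind = "external" if (sysid or pubid) else "internal"
        raise ForbiddenXML(f"{kind} entity declared: {name}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except ForbiddenXML as exc:
        return str(exc)
    except expat.ExpatError as exc:
        return f"malformed XML: {exc}"
    return None


# Constructed sample documents (not taken from the advisory).
PLAIN = b"<Capabilities><Name>constructed</Name></Capabilities>"
DOCTYPE_ONLY = b'<!DOCTYPE r SYSTEM "http://example.invalid/r.dtd"><r/>'
EXTERNAL_ENTITY = (
    b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>'
    b"<r>&x;</r>"
)

if __name__ == "__main__":
    for label, doc in [("plain", PLAIN), ("doctype", DOCTYPE_ONLY),
                       ("entity", EXTERNAL_ENTITY)]:
        print(label, "strict:", scan(doc), "| lenient:", scan(doc, True))
```

A gate like this complements the package update listed above and does not replace it.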