[USN-5455-1] xmltok library vulnerabilities
Severity
Critical
Affected Packages
8
CVEs
15
Several security issues were fixed in libxmltok.
Tim Boddy, Gustavo Grieco and others discovered that Expat, that is
integrated in xmltok library, incorrectly handled certain files.
An attacker could possibly use these issues to cause a denial of
service, or possibly execute arbitrary code. These issues were only
addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903,
CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
It was discovered that Expat, that is integrated in xmltok library,
incorrectly handled encoding validation of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25235)
It was discovered that Expat, that is integrated in xmltok library,
incorrectly handled namespace URIs of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25236)
| Package | Affected Version |
|---|---|
 pkg:deb/ubuntu/libxmltok1?distro=xenial
|
< 1.2-3ubuntu0.16.04.1~esm2 |
|
pkg:deb/ubuntu/libxmltok1?distro=jammy
|
< 1.2-4ubuntu0.22.04.1~esm1 |
|
pkg:deb/ubuntu/libxmltok1?distro=focal
|
< 1.2-4ubuntu0.20.04.1~esm1 |
|
pkg:deb/ubuntu/libxmltok1?distro=bionic
|
< 1.2-4ubuntu0.18.04.1~esm1 |
|
pkg:deb/ubuntu/libxmltok1-dev?distro=xenial
|
< 1.2-3ubuntu0.16.04.1~esm2 |
|
pkg:deb/ubuntu/libxmltok1-dev?distro=jammy
|
< 1.2-4ubuntu0.22.04.1~esm1 |
|
pkg:deb/ubuntu/libxmltok1-dev?distro=focal
|
< 1.2-4ubuntu0.20.04.1~esm1 |
|
pkg:deb/ubuntu/libxmltok1-dev?distro=bionic
|
< 1.2-4ubuntu0.18.04.1~esm1 |
- ID
- USN-5455-1
- Severity
- critical
- Severity from
- CVE-2016-0718
- URL
- https://ubuntu.com/security/notices/USN-5455-1
- Published
-
2022-07-19T17:11:00
(2 years ago) - Modified
-
2022-07-19T17:11:00
(2 years ago) - Other Advisories
-
-
ALAS-2012-89
-
ALAS-2016-775
-
ALAS-2021-1459
-
ALAS-2022-1573
-
ALAS-2022-1585
-
ALAS-2022-1603
-
ALAS2-2019-1376
-
ALAS2-2020-1513
-
ALAS2-2022-1764
-
ALAS2-2022-1779
-
ALAS2-2022-1795
-
ALAS2-2022-1809
-
ALPINE:CVE-2016-0718
-
ALPINE:CVE-2016-4472
-
ALPINE:CVE-2018-20843
-
ALPINE:CVE-2019-15903
-
ALPINE:CVE-2021-46143
-
ALPINE:CVE-2022-22822
-
ALPINE:CVE-2022-22823
-
ALPINE:CVE-2022-22824
-
ALPINE:CVE-2022-22825
-
ALPINE:CVE-2022-22826
-
ALPINE:CVE-2022-22827
-
ALPINE:CVE-2022-25235
-
ALPINE:CVE-2022-25236
-
ALSA-2020:4484
-
ALSA-2020:4846
-
ALSA-2022:0818
-
ALSA-2022:0845
-
ALSA-2022:0951
-
ALSA-2022:1643
-
ALSA-2022:7692
-
ALSA-2022:7811
-
ASA-201910-15
-
ASA-201910-16
-
ASA-201910-17
-
ASB-A-219942275
-
DSA-3315-1
-
DSA-3318-1
-
DSA-3582-1
-
DSA-4472-1
-
DSA-4530-1
-
DSA-4549-1
-
DSA-4571-1
-
DSA-5073-1
-
DSA-5085-1
-
ELSA-2012-0731
-
ELSA-2016-2824
-
ELSA-2019-3210
-
ELSA-2019-3237
-
ELSA-2020-3952
-
ELSA-2020-4484
-
ELSA-2022-0818
-
ELSA-2022-0824
-
ELSA-2022-0845
-
ELSA-2022-0850
-
ELSA-2022-0951
-
ELSA-2022-1069
-
ELSA-2022-1643
-
ELSA-2022-7692
-
ELSA-2022-9227
-
ELSA-2022-9359
-
FEDORA-2016-0fd6ca526a
-
FEDORA-2016-60889583ab
-
FEDORA-2016-7c6e7a9265
-
FEDORA-2019-139fcda84d
-
FEDORA-2019-18868e1715
-
FEDORA-2019-613edfe68b
-
FEDORA-2019-672ae0f060
-
FEDORA-2019-9505c6b555
-
FEDORA-2022-01f0553b59
-
FEDORA-2022-04f206996b
-
FEDORA-2022-3d9d67f558
-
FEDORA-2022-f202d1a045
-
FEDORA-2023-97a977a96a
-
FEDORA-2023-99ba1917da
-
FREEBSD:0DA8A68E-600A-11E6-A6C3-14DAE9D210B8
-
FREEBSD:57B3ABA7-1E25-11E6-8DD3-002590263BF5
-
FREEBSD:8719B935-8BAE-41AD-92BA-3C826F651219
-
FREEBSD:9164F51E-AE20-11E7-A633-009C02A2AB30
-
FREEBSD:9B7491FB-F253-11E9-A50C-000C29C4DC65
-
FREEBSD:9D732078-32C7-11E5-B263-00262D5ED8EE
-
FREEBSD:AA1AEFE3-6E37-47DB-BFDA-343EF4ACB1B5
-
FREEBSD:FF76F0E0-3F11-11E6-B3C8-14DAE9D210B8
-
GLSA-201209-06
-
GLSA-201603-09
-
GLSA-201701-21
-
GLSA-201911-08
-
GLSA-202209-24
-
MFSA-2019-33
-
MFSA-2019-34
-
MFSA-2019-35
-
MS:CVE-2018-20843
-
MS:CVE-2021-46143
-
MS:CVE-2022-22822
-
MS:CVE-2022-22823
-
MS:CVE-2022-22824
-
MS:CVE-2022-22825
-
MS:CVE-2022-22826
-
MS:CVE-2022-22827
-
MS:CVE-2022-25235
-
MS:CVE-2022-25236
-
openSUSE-SU-2019:1777-1
-
openSUSE-SU-2019:2204-1
-
openSUSE-SU-2019:2205-1
-
openSUSE-SU-2019:2420-1
-
openSUSE-SU-2019:2424-1
-
openSUSE-SU-2019:2425-1
-
openSUSE-SU-2019:2447-1
-
openSUSE-SU-2019:2451-1
-
openSUSE-SU-2019:2452-1
-
openSUSE-SU-2019:2459-1
-
openSUSE-SU-2019:2464-1
-
openSUSE-SU-2020:0010-1
-
openSUSE-SU-2020:0086-1
-
openSUSE-SU-2022:0178-1
-
openSUSE-SU-2022:0713-1
-
openSUSE-SU-2022:0844-1
-
RHSA-2012:0731
-
RHSA-2015:1499
-
RHSA-2016:2824
-
RHSA-2019:3193
-
RHSA-2019:3196
-
RHSA-2019:3210
-
RHSA-2019:3237
-
RHSA-2019:3756
-
RHSA-2020:3952
-
RHSA-2020:4484
-
RHSA-2020:4846
-
RHSA-2022:0818
-
RHSA-2022:0824
-
RHSA-2022:0845
-
RHSA-2022:0850
-
RHSA-2022:0951
-
RHSA-2022:1069
-
RHSA-2022:1643
-
RHSA-2022:7692
-
RHSA-2022:7811
-
RLSA-2020:4846
-
RLSA-2022:7692
-
SSA:2016-359-01
-
SSA:2017-266-02
-
SSA:2018-124-01
-
SSA:2019-259-01
-
SSA:2019-293-01
-
SSA:2019-295-01
-
SSA:2022-016-01
-
SSA:2022-050-01
-
SUSE-SU-2016:1508-1
-
SUSE-SU-2016:1512-1
-
SUSE-SU-2017:2699-1
-
SUSE-SU-2017:2700-1
-
SUSE-SU-2019:1834-1
-
SUSE-SU-2019:1835-1
-
SUSE-SU-2019:2429-1
-
SUSE-SU-2019:2440-1
-
SUSE-SU-2019:2871-1
-
SUSE-SU-2019:2872-1
-
SUSE-SU-2019:2912-1
-
SUSE-SU-2020:0114-1
-
SUSE-SU-2020:0302-1
-
SUSE-SU-2020:0497-1
-
SUSE-SU-2022:0178-1
-
SUSE-SU-2022:0179-1
-
SUSE-SU-2022:0698-1
-
SUSE-SU-2022:0713-1
-
SUSE-SU-2022:0842-1
-
SUSE-SU-2022:0844-1
-
SUSE-SU-2022:0844-2
-
SUSE-SU-2022:2294-1
-
SUSE-SU-2024:0782-1
-
SUSE-SU-2024:0782-2
-
SUSE-SU-2024:0784-1
-
USN-1527-1
-
USN-1527-2
-
USN-1613-1
-
USN-1613-2
-
USN-2677-1
-
USN-2726-1
-
USN-2983-1
-
USN-3013-1
-
USN-3044-1
-
USN-4040-1
-
USN-4040-2
-
USN-4132-1
-
USN-4132-2
-
USN-4165-1
-
USN-4202-1
-
USN-4335-1
-
USN-4772-1
-
USN-4852-1
-
USN-5288-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/libxmltok1?distro=xenial | ubuntu |
libxmltok1
|
< 1.2-3ubuntu0.16.04.1~esm2 | xenial | ||
| Affected | pkg:deb/ubuntu/libxmltok1?distro=jammy | ubuntu |
libxmltok1
|
< 1.2-4ubuntu0.22.04.1~esm1 | jammy | ||
| Affected | pkg:deb/ubuntu/libxmltok1?distro=focal | ubuntu |
libxmltok1
|
< 1.2-4ubuntu0.20.04.1~esm1 | focal | ||
| Affected | pkg:deb/ubuntu/libxmltok1?distro=bionic | ubuntu |
libxmltok1
|
< 1.2-4ubuntu0.18.04.1~esm1 | bionic | ||
| Affected | pkg:deb/ubuntu/libxmltok1-dev?distro=xenial | ubuntu |
libxmltok1-dev
|
< 1.2-3ubuntu0.16.04.1~esm2 | xenial | ||
| Affected | pkg:deb/ubuntu/libxmltok1-dev?distro=jammy | ubuntu |
libxmltok1-dev
|
< 1.2-4ubuntu0.22.04.1~esm1 | jammy | ||
| Affected | pkg:deb/ubuntu/libxmltok1-dev?distro=focal | ubuntu |
libxmltok1-dev
|
< 1.2-4ubuntu0.20.04.1~esm1 | focal | ||
| Affected | pkg:deb/ubuntu/libxmltok1-dev?distro=bionic | ubuntu |
libxmltok1-dev
|
< 1.2-4ubuntu0.18.04.1~esm1 | bionic |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |