USN-4040-2: Expat vulnerability

26 June 2019

Expat could be made to consume a high amount of RAM and CPU resources if it received a specially crafted XML file.

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Releases

USN-4040-1 fixed a vulnerability in expat. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Expat incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a denial of service.

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

The problem can be corrected by updating your system to the following package versions:

In general, a standard system update will make all the necessary changes.

USN-4040-1: lib64expat1, libexpat1, lib64expat1-dev, libexpat1-udeb, expat, libexpat1-dev
USN-4852-1: libvtk5.10, libvtk5.8, vtk, libvtk5.8-qt4, libvtk5-qt4-dev, python-vtk, vtk-doc, libvtk5.10-qt4, libvtk5-dev, vtk-examples, libvtk-java, tcl-vtk
USN-5455-1: libxmltok1, libxmltok1-dev, libxmltok

Ubuntu Pro provides up to ten-year security coverage for over 23,000 open-source packages within the Ubuntu Main and Universe repositories.