USN-7001-2: xmltok library vulnerabilities

Read Time:34 Second

USN-7001-1 fixed vulnerabilities in xmltol library. This update
provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle certain function calls when a negative input
length was provided. An attacker could use this issue to cause a denial of
service or possibly execute arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle the potential for an integer overflow on 32-bit
platforms. An attacker could use this issue to cause a denial of service
or possibly execute arbitrary code. (CVE-2024-45491)

Smashing Security podcast #385: TFL security derailed, and is Trump the king of crypto?

Critical Infrastructure at Risk From Email Security Breaches

Google Street View Images Used For Extortion Scams

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack

Introducing LevelBlue’s 24/7 Managed Threat Detection and Response Service for Government

AT&T Agrees $13m FCC Settlement Over Cloud Data Breach

CISA Issues Advice to Help Eliminate XSS Bugs

The AI Fix #16: GPT-4o1, AI time travelers, and where’s my driverless car?

USN-7001-2: xmltok library vulnerabilities

USN-7023-1: Git vulnerabilities

Stored XSS in “Edit Profile” – htmlyv2.9.9

Stored XSS in “Menu Editor” – htmlyv2.9.9

Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution

Backdoor.Win32.CCInvader.10 / Authentication Bypass

Backdoor.Win32.Delf.yj / Information Disclosure