English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2022.5455.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-5455-1)
Summary:The remote host is missing an update for the 'libxmltok' package(s) announced via the USN-5455-1 advisory.
Description:Summary:
The remote host is missing an update for the 'libxmltok' package(s) announced via the USN-5455-1 advisory.

Vulnerability Insight:
Tim Boddy, Gustavo Grieco and others discovered that Expat, that is
integrated in xmltok library, incorrectly handled certain files.
An attacker could possibly use these issues to cause a denial of
service, or possibly execute arbitrary code. These issues were only
addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903,
CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)

It was discovered that Expat, that is integrated in xmltok library,
incorrectly handled encoding validation of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25235)

It was discovered that Expat, that is integrated in xmltok library,
incorrectly handled namespace URIs of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25236)

Affected Software/OS:
'libxmltok' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1148
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
BugTraq ID: 52379
http://www.securityfocus.com/bid/52379
Debian Security Information: DSA-2525 (Google Search)
http://www.debian.org/security/2012/dsa-2525
http://www.mandriva.com/security/advisories?name=MDVSA-2012:041
RedHat Security Advisories: RHSA-2012:0731
http://rhn.redhat.com/errata/RHSA-2012-0731.html
RedHat Security Advisories: RHSA-2016:0062
http://rhn.redhat.com/errata/RHSA-2016-0062.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.securitytracker.com/id/1034344
http://secunia.com/advisories/49504
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://www.ubuntu.com/usn/USN-1527-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-1283
BugTraq ID: 75973
http://www.securityfocus.com/bid/75973
Debian Security Information: DSA-3315 (Google Search)
http://www.debian.org/security/2015/dsa-3315
Debian Security Information: DSA-3318 (Google Search)
http://www.debian.org/security/2015/dsa-3318
https://security.gentoo.org/glsa/201603-09
https://security.gentoo.org/glsa/201701-21
RedHat Security Advisories: RHSA-2015:1499
http://rhn.redhat.com/errata/RHSA-2015-1499.html
http://www.securitytracker.com/id/1033031
SuSE Security Announcement: SUSE-SU-2016:1508 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html
SuSE Security Announcement: SUSE-SU-2016:1512 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html
SuSE Security Announcement: openSUSE-SU-2015:1287 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1441 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html
SuSE Security Announcement: openSUSE-SU-2016:1523 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html
http://www.ubuntu.com/usn/USN-2726-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0718
1036348
http://www.securitytracker.com/id/1036348
1036415
http://www.securitytracker.com/id/1036415
1037705
http://www.securitytracker.com/id/1037705
20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
http://seclists.org/fulldisclosure/2017/Feb/68
90729
http://www.securityfocus.com/bid/90729
APPLE-SA-2016-07-18-1
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
DSA-3582
http://www.debian.org/security/2016/dsa-3582
GLSA-201701-21
RHSA-2016:2824
http://rhn.redhat.com/errata/RHSA-2016-2824.html
RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:2486
SUSE-SU-2016:1508
SUSE-SU-2016:1512
USN-2983-1
http://www.ubuntu.com/usn/USN-2983-1
USN-3044-1
http://www.ubuntu.com/usn/USN-3044-1
[oss-security] 20160517 CVE-2016-0718: Expat XML Parser Crashes on Malformed Input
http://www.openwall.com/lists/oss-security/2016/05/17/12
http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
http://support.eset.com/ca6333/
http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
https://bugzilla.redhat.com/show_bug.cgi?id=1296102
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://source.android.com/security/bulletin/2016-11-01.html
https://support.apple.com/HT206903
https://www.tenable.com/security/tns-2016-20
openSUSE-SU-2016:1441
openSUSE-SU-2016:1523
openSUSE-SU-2016:1964
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
openSUSE-SU-2016:2026
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4472
91528
http://www.securityfocus.com/bid/91528
USN-3013-1
http://www.ubuntu.com/usn/USN-3013-1
https://bugzilla.redhat.com/show_bug.cgi?id=1344251
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde
Common Vulnerability Exposure (CVE) ID: CVE-2018-20843
Bugtraq: 20190628 [SECURITY] [DSA 4472-1] expat security update (Google Search)
https://seclists.org/bugtraq/2019/Jun/39
https://security.netapp.com/advisory/ntap-20190703-0001/
https://support.f5.com/csp/article/K51011533
https://www.tenable.com/security/tns-2021-11
Debian Security Information: DSA-4472 (Google Search)
https://www.debian.org/security/2019/dsa-4472
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
https://security.gentoo.org/glsa/201911-08
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
https://github.com/libexpat/libexpat/issues/186
https://github.com/libexpat/libexpat/pull/262
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
SuSE Security Announcement: openSUSE-SU-2019:1777 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
https://usn.ubuntu.com/4040-1/
https://usn.ubuntu.com/4040-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-15903
Bugtraq: 20190917 [slackware-security] expat (SSA:2019-259-01) (Google Search)
https://seclists.org/bugtraq/2019/Sep/30
Bugtraq: 20190923 [SECURITY] [DSA 4530-1] expat security update (Google Search)
https://seclists.org/bugtraq/2019/Sep/37
Bugtraq: 20191021 [slackware-security] python (SSA:2019-293-01) (Google Search)
https://seclists.org/bugtraq/2019/Oct/29
Bugtraq: 20191101 [SECURITY] [DSA 4549-1] firefox-esr security update (Google Search)
https://seclists.org/bugtraq/2019/Nov/1
Bugtraq: 20191118 [SECURITY] [DSA 4571-1] thunderbird security update (Google Search)
https://seclists.org/bugtraq/2019/Nov/24
Bugtraq: 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (Google Search)
https://seclists.org/bugtraq/2019/Dec/23
Bugtraq: 20191211 APPLE-SA-2019-12-10-5 tvOS 13.3 (Google Search)
https://seclists.org/bugtraq/2019/Dec/21
Bugtraq: 20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1 (Google Search)
https://seclists.org/bugtraq/2019/Dec/17
https://github.com/libexpat/libexpat/issues/342
https://security.netapp.com/advisory/ntap-20190926-0004/
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210788
https://support.apple.com/kb/HT210789
https://support.apple.com/kb/HT210790
https://support.apple.com/kb/HT210793
https://support.apple.com/kb/HT210794
https://support.apple.com/kb/HT210795
Debian Security Information: DSA-4530 (Google Search)
https://www.debian.org/security/2019/dsa-4530
Debian Security Information: DSA-4549 (Google Search)
https://www.debian.org/security/2019/dsa-4549
Debian Security Information: DSA-4571 (Google Search)
https://www.debian.org/security/2019/dsa-4571
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/
http://seclists.org/fulldisclosure/2019/Dec/23
http://seclists.org/fulldisclosure/2019/Dec/26
http://seclists.org/fulldisclosure/2019/Dec/27
http://seclists.org/fulldisclosure/2019/Dec/30
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
https://github.com/libexpat/libexpat/issues/317
https://github.com/libexpat/libexpat/pull/318
https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html
RedHat Security Advisories: RHSA-2019:3210
https://access.redhat.com/errata/RHSA-2019:3210
RedHat Security Advisories: RHSA-2019:3237
https://access.redhat.com/errata/RHSA-2019:3237
RedHat Security Advisories: RHSA-2019:3756
https://access.redhat.com/errata/RHSA-2019:3756
SuSE Security Announcement: openSUSE-SU-2019:2204 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html
SuSE Security Announcement: openSUSE-SU-2019:2205 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html
SuSE Security Announcement: openSUSE-SU-2019:2420 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html
SuSE Security Announcement: openSUSE-SU-2019:2424 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html
SuSE Security Announcement: openSUSE-SU-2019:2425 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html
SuSE Security Announcement: openSUSE-SU-2019:2447 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html
SuSE Security Announcement: openSUSE-SU-2019:2451 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
SuSE Security Announcement: openSUSE-SU-2019:2452 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html
SuSE Security Announcement: openSUSE-SU-2019:2459 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html
SuSE Security Announcement: openSUSE-SU-2019:2464 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
SuSE Security Announcement: openSUSE-SU-2020:0010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
https://usn.ubuntu.com/4132-1/
https://usn.ubuntu.com/4132-2/
https://usn.ubuntu.com/4165-1/
https://usn.ubuntu.com/4202-1/
https://usn.ubuntu.com/4335-1/
Common Vulnerability Exposure (CVE) ID: CVE-2021-46143
Debian Security Information: DSA-5073 (Google Search)
https://www.debian.org/security/2022/dsa-5073
https://security.gentoo.org/glsa/202209-24
https://github.com/libexpat/libexpat/issues/532
https://github.com/libexpat/libexpat/pull/538
http://www.openwall.com/lists/oss-security/2022/01/17/3
Common Vulnerability Exposure (CVE) ID: CVE-2022-22822
https://github.com/libexpat/libexpat/pull/539
Common Vulnerability Exposure (CVE) ID: CVE-2022-22823
Common Vulnerability Exposure (CVE) ID: CVE-2022-22824
Common Vulnerability Exposure (CVE) ID: CVE-2022-22825
Common Vulnerability Exposure (CVE) ID: CVE-2022-22826
Common Vulnerability Exposure (CVE) ID: CVE-2022-22827
Common Vulnerability Exposure (CVE) ID: CVE-2022-25235
https://security.netapp.com/advisory/ntap-20220303-0008/
Debian Security Information: DSA-5085 (Google Search)
https://www.debian.org/security/2022/dsa-5085
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://github.com/libexpat/libexpat/pull/562
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
http://www.openwall.com/lists/oss-security/2022/02/19/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-25236
http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
https://github.com/libexpat/libexpat/pull/561
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.