==========================================================================
Ubuntu Security Notice USN-7145-1
December 10, 2024

expat vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Expat could be made to crash if an unstarted parser was resumed.

Software Description:
- expat: XML parsing C library

Details:

It was discovered that Expat did not properly handle its internal state
when attempting to resume an unstarted parser. An attacker could use this
issue to cause a denial of service (application crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  expat                           2.6.2-2ubuntu0.1
  libexpat1                       2.6.2-2ubuntu0.1
  libexpat1-dev                   2.6.2-2ubuntu0.1

Ubuntu 24.04 LTS
  expat                           2.6.1-2ubuntu0.2
  libexpat1                       2.6.1-2ubuntu0.2
  libexpat1-dev                   2.6.1-2ubuntu0.2

Ubuntu 22.04 LTS
  expat                           2.4.7-1ubuntu0.5
  libexpat1                       2.4.7-1ubuntu0.5
  libexpat1-dev                   2.4.7-1ubuntu0.5

Ubuntu 20.04 LTS
  expat                           2.2.9-1ubuntu0.8
  libexpat1                       2.2.9-1ubuntu0.8
  libexpat1-dev                   2.2.9-1ubuntu0.8

Ubuntu 18.04 LTS
  expat                           2.2.5-3ubuntu0.9+esm2
                                  Available with Ubuntu Pro
  libexpat1                       2.2.5-3ubuntu0.9+esm2
                                  Available with Ubuntu Pro
  libexpat1-dev                   2.2.5-3ubuntu0.9+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  expat                           2.1.0-7ubuntu0.16.04.5+esm10
                                  Available with Ubuntu Pro
  lib64expat1                     2.1.0-7ubuntu0.16.04.5+esm10
                                  Available with Ubuntu Pro
  lib64expat1-dev                 2.1.0-7ubuntu0.16.04.5+esm10
                                  Available with Ubuntu Pro
  libexpat1                       2.1.0-7ubuntu0.16.04.5+esm10
                                  Available with Ubuntu Pro
  libexpat1-dev                   2.1.0-7ubuntu0.16.04.5+esm10
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  expat                           2.1.0-4ubuntu1.4+esm10
                                  Available with Ubuntu Pro
  lib64expat1                     2.1.0-4ubuntu1.4+esm10
                                  Available with Ubuntu Pro
  lib64expat1-dev                 2.1.0-4ubuntu1.4+esm10
                                  Available with Ubuntu Pro
  libexpat1                       2.1.0-4ubuntu1.4+esm10
                                  Available with Ubuntu Pro
  libexpat1-dev                   2.1.0-4ubuntu1.4+esm10
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
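
Added example, not part of the Ubuntu notice: a Python check that compares
installed libexpat1 versions from a host inventory against the fixed versions
listed above, using Debian version ordering so that "+esm9" sorts below
"+esm10". The inventory rows, host names and function names are constructed
for illustration.

```python
import re

# Fixed versions per Ubuntu release, copied from the notice's package table.
FIXED = {
    "24.10": "2.6.2-2ubuntu0.1",
    "24.04": "2.6.1-2ubuntu0.2",
    "22.04": "2.4.7-1ubuntu0.5",
    "20.04": "2.2.9-1ubuntu0.8",
    "18.04": "2.2.5-3ubuntu0.9+esm2",
    "16.04": "2.1.0-7ubuntu0.16.04.5+esm10",
    "14.04": "2.1.0-4ubuntu1.4+esm10",
}

def _order(c):
    # dpkg character order: '~' < end of run (0) < letters < other symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _part_key(s):
    # Alternating (non-digit run, number) chunks; findall's final empty
    # match acts as the end-of-string terminator on both sides.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", s)]

def deb_key(v):
    # Sort key following Debian rules: epoch, upstream version, revision.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), _part_key(upstream), _part_key(rev)

def is_patched(release, installed):
    # None: release not listed in the notice. True: at or above the fix.
    fixed = FIXED.get(release)
    return None if fixed is None else deb_key(installed) >= deb_key(fixed)

# Constructed inventory rows: (host, release, installed libexpat1 version).
INVENTORY = [
    ("web1", "24.04", "2.6.1-2ubuntu0.1"),
    ("db1", "22.04", "2.4.7-1ubuntu0.5"),
    ("old1", "18.04", "2.2.5-3ubuntu0.9"),
    ("dev1", "25.04", "2.7.1-1"),
]

def unpatched(rows):
    # Hosts on a listed release whose version sorts below the fixed one.
    return [h for h, rel, ver in rows if is_patched(rel, ver) is False]

if __name__ == "__main__":
    print(unpatched(INVENTORY))
```

The installed version for each host can be collected with
dpkg-query -W -f='${Version}' libexpat1 and the release from VERSION_ID in
/etc/os-release.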

References:
  https://ubuntu.com/security/notices/USN-7145-1
  CVE-2024-50602

Package Information:
  https://launchpad.net/ubuntu/+source/expat/2.6.2-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/expat/2.6.1-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/expat/2.4.7-1ubuntu0.5
  https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.8