USN-6694-1: Expat vulnerabilities
24681
07 August 2024
15 July 2024
CLOSED
MEDIUM
CVE-2023-52425;CVE-2024-28757
Severity
medium
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 22.04
Description
It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-52425, CVE-2024-28757) Update Instructions: Run `sudo pro fix USN-6694-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: expat - 2.4.7-1ubuntu0.3 libexpat1 - 2.4.7-1ubuntu0.3 libexpat1-dev - 2.4.7-1ubuntu0.3 No subscription required.
Fixed VMware Products and Versions
- Cflinuxfs4
- 1.83.0 or greater
- Jammy Stemcells
- 1.406 or greater
- Operations Manager Image
- 3.0.25+LTS-T or greater
- Isolation Segment
- 4.0.20+LTS-T or greater
- 5.0.10 or greater
- VMware Tanzu Application Service for VMs
- 4.0.20+LTS-T or greater
- 5.0.10 or greater
- Operation Manager
- 3.0.25+LTS-T or greater
References
https://ubuntu.com/security/notices/USN-6694-1
https://www.cloudfoundry.org/blog/usn-6694-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6694-1
History
2024-03-14: Initial vulnerability report published.