USN-6694-1: Expat vulnerabilities

Operations Manager

1 more products

24681

07 August 2024

15 July 2024

CLOSED

MEDIUM

CVE-2023-52425;CVE-2024-28757

Severity

medium

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 22.04

Description

It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-52425, CVE-2024-28757) Update Instructions: Run `sudo pro fix USN-6694-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: expat - 2.4.7-1ubuntu0.3 libexpat1 - 2.4.7-1ubuntu0.3 libexpat1-dev - 2.4.7-1ubuntu0.3 No subscription required.

Fixed VMware Products and Versions

  • Cflinuxfs4
    • 1.83.0 or greater
  • Jammy Stemcells
    • 1.406 or greater
  • Operations Manager Image
    • 3.0.25+LTS-T or greater
  • Isolation Segment
    • 4.0.20+LTS-T or greater
    • 5.0.10 or greater
  • VMware Tanzu Application Service for VMs
    • 4.0.20+LTS-T or greater
    • 5.0.10 or greater
  • Operation Manager
    • 3.0.25+LTS-T or greater

References

https://ubuntu.com/security/notices/USN-6694-1

https://www.cloudfoundry.org/blog/usn-6694-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6694-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24681

History

2024-03-14: Initial vulnerability report published.