==========================================================================
Ubuntu Security Notice USN-7215-1
January 16, 2025

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

libxml2 could be made to expose sensitive information over the network.

Software Description:
- libxml2: GNOME XML library

Details:

Xisco Fauli discovered that libxml2 incorrectly handled custom SAX
handlers. A remote attacker could possibly use this issue to perform XML
External Entity (XXE) attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libxml2                         2.12.7+dfsg-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7215-1
  CVE-2024-40896

Package Information:
  https://launchpad.net/ubuntu/+source/libxml2/2.12.7+dfsg-3ubuntu0.1