[USN-6274-1] XMLTooling vulnerability
Ubuntu Security Notice USN-6274-1
August 03, 2023
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
XMLTooling could be made to allow for unintended server side actions
if it received specially crafted input.
- xmltooling: C++ XML parsing library with encryption support
Jurien de Jong discovered that XMLTooling did not properly handle certain
KeyInfo element content within an XML signature. An attacker could possibly
use this issue to achieve server-side request forgery.
The problem can be corrected by updating your system to the following
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
After a standard system update you need to restart the
shibd process to make all the necessary changes.
A XMLTooling security update has been released for Ubuntu Linux 16.04 LTS.