Ubuntu 6282 Published by

A XMLTooling security update has been released for Ubuntu Linux 16.04 LTS.

[USN-6274-1] XMLTooling vulnerability

Ubuntu Security Notice USN-6274-1
August 03, 2023

xmltooling vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)


XMLTooling could be made to allow for unintended server side actions
if it received specially crafted input.

Software Description:
- xmltooling: C++ XML parsing library with encryption support


Jurien de Jong discovered that XMLTooling did not properly handle certain
KeyInfo element content within an XML signature. An attacker could possibly
use this issue to achieve server-side request forgery.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libxmltooling6v5                1.5.6-2ubuntu0.3+esm1

After a standard system update you need to restart the
shibd process to make all the necessary changes.