Home / mailings [USN-8022-2] Expat vulnerabilities
Posted on 16 February 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8022-2
February 16, 2026
expat vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in Expat.
Software Description:
- expat: XML parsing C library
Details:
USN-8022-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
It was discovered that Expat incorrectly handled the initialization of parsers
for external entities. An attacker could possibly use this issue to cause a
denial of service. (CVE-2026-24515)
It was discovered that Expat incorrectly handled integer calculations when
allocating memory for XML tags. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2026-25210)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
expat 2.6.1-2ubuntu0.4
libexpat1 2.6.1-2ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8022-2
https://ubuntu.com/security/notices/USN-8022-1
CVE-2026-24515, CVE-2026-25210
Package Information:
https://launchpad.net/ubuntu/+source/expat/2.6.1-2ubuntu0.4
--===============6437360543490725782==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
