SecurityHome.eu [USN-8313-1] XML-RPC for C and C++ vulnerabilities

Home / mailings PDF

[USN-8313-1] XML-RPC for C and C++ vulnerabilities
Posted on 27 May 2026
Ubuntu Security
==========================================================================Ubuntu Security Notice USN-8313-1
May 27, 2026

xmlrpc-c vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in XML-RPC for C and C++.

Software Description:
- xmlrpc-c: Lightweight RPC library based on XML and HTTP

Details:

It was discovered that Expat, vendored in XML-RPC, incorrectly handled
certain files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libxmlrpc-c++8t64 1.33.14-12ubuntu0.1~esm1
Available with Ubuntu Pro
libxmlrpc-core-c3t64 1.33.14-12ubuntu0.1~esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-12ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libxmlrpc-c++8v5 1.33.14-10ubuntu0.1~esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.14-10ubuntu0.1~esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-10ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libxmlrpc-c++8v5 1.33.14-8ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.14-8ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-8ubuntu0.20.04.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libxmlrpc-c++8v5 1.33.14-8ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.14-8ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-8ubuntu0.18.04.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libxmlrpc-c++8v5 1.33.14-1ubuntu1+esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.14-1ubuntu1+esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-1ubuntu1+esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libxmlrpc-c++8 1.33.06-0ubuntu1+esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.06-0ubuntu1+esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.06-0ubuntu1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8313-1
CVE-2022-25235, CVE-2022-25236

--===============2818976334897360912==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

TOP

Mailings :

Last 20

Exploits :

Last 20