Home / mailings [USN-8460-1] libxml2 vulnerabilities
Posted on 22 June 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8460-1
June 22, 2026
libxml2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
Summary:
Several security issues were fixed in libxml2.
Software Description:
- libxml2: GNOME XML library
Details:
It was discovered that libxml2 did not properly release memory allocated in
the xmllint utility. An attacker could possibly use this issue to cause a
denial of service. (CVE-2026-1757)
A type confusion vulnerability was found in libxml2 when processing a
specially crafted XML document. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2026-6732)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
libxml2-16 2.15.2+dfsg-0.1ubuntu0.1
libxml2-dev 2.15.2+dfsg-0.1ubuntu0.1
libxml2-source 2.15.2+dfsg-0.1ubuntu0.1
libxml2-utils 2.15.2+dfsg-0.1ubuntu0.1
python3-libxml2 2.15.2+dfsg-0.1ubuntu0.1
Ubuntu 25.10
libxml2-16 2.14.5+dfsg-0.2ubuntu0.2
libxml2-dev 2.14.5+dfsg-0.2ubuntu0.2
libxml2-utils 2.14.5+dfsg-0.2ubuntu0.2
python3-libxml2 2.14.5+dfsg-0.2ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8460-1
CVE-2026-1757, CVE-2026-6732
Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.15.2+dfsg-0.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml2/2.14.5+dfsg-0.2ubuntu0.2
--===============5910331675710544367==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
