Home / mailings [USN-8520-1] Expat vulnerability
Posted on 09 July 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8520-1
July 09, 2026
expat vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Expat could be made to crash if it received specially crafted input.
Software Description:
- expat: XML parsing C library
Details:
It was discovered that Expat used insufficient entropy when generating
hash salt values for its internal hash table. An attacker could use this
to craft an XML document that triggers hash flooding, leading to a
denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
libexpat1 2.1.0-7ubuntu0.16.04.5+esm12
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8520-1
CVE-2026-41080
--===============0398454388967799503==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
