USN-8240-1

Details

It was discovered that Expat, vendored in Swish-e incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25235, CVE-2022-25236)

Affected Packages

swish-e

Ubuntu Pro 16.04 LTS

Fixed in:

2.4.7-4ubuntu0.1~esm1

swish-e

Ubuntu Pro 18.04 LTS

Fixed in:

2.4.7-5ubuntu1+esm1

swish-e

Ubuntu Pro 20.04 LTS

Fixed in:

2.4.7-6ubuntu0.1~esm1

swish-e

Ubuntu Pro 22.04 LTS

Fixed in:

2.4.7-6.1ubuntu0.1~esm1

swish-e

Ubuntu Pro 24.04 LTS

Fixed in:

2.4.7-6.2ubuntu0.1~esm1

swish-e

Ubuntu Pro 26.04 LTS

Fixed in:

2.4.7-7.1ubuntu0.1~esm1

References

REPORT

https://ubuntu.com/security/CVE-2022-25235

REPORT

https://ubuntu.com/security/CVE-2022-25236

ADVISORY

https://ubuntu.com/security/notices/USN-8240-1