libxml2 vulnerability
Published: Mon, 22 Jun 2026 12:09
Summary
libxml2 could be made to crash or run programs if it received specially crafted input.
Details
Geoffrey Humphreys discovered that libxml2 had a use after free when parsing the internal subset of a DTD. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code.
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
libxml2→2.9.13+dfsg-1ubuntu0.12apt_upgradeStandard apt upgrade. Install 2.9.13+dfsg-1ubuntu0.12 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2
Most apt upgrades restart their service automatically. needrestart lists anything else.
libxml2→2.9.13+dfsg-1ubuntu0.12apt_upgradeStandard apt upgrade. Install 2.9.13+dfsg-1ubuntu0.12 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2
Most apt upgrades restart their service automatically. needrestart lists anything else.
libxml2-dev→2.9.13+dfsg-1ubuntu0.12apt_upgradeStandard apt upgrade. Install 2.9.13+dfsg-1ubuntu0.12 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libxml2-doc→2.9.13+dfsg-1ubuntu0.12apt_upgradeStandard apt upgrade. Install 2.9.13+dfsg-1ubuntu0.12 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
libxml2-utils→2.9.13+dfsg-1ubuntu0.12apt_upgradeStandard apt upgrade. Install 2.9.13+dfsg-1ubuntu0.12 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2-utils
Most apt upgrades restart their service automatically. needrestart lists anything else.
python3-libxml2→2.9.13+dfsg-1ubuntu0.12apt_upgradeStandard apt upgrade. Install 2.9.13+dfsg-1ubuntu0.12 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python3-libxml2
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
libxml2→2.9.14+dfsg-1.3ubuntu3.8apt_upgradeStandard apt upgrade. Install 2.9.14+dfsg-1.3ubuntu3.8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2
Most apt upgrades restart their service automatically. needrestart lists anything else.
libxml2→2.9.14+dfsg-1.3ubuntu3.8apt_upgradeStandard apt upgrade. Install 2.9.14+dfsg-1.3ubuntu3.8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2
Most apt upgrades restart their service automatically. needrestart lists anything else.
libxml2-dev→2.9.14+dfsg-1.3ubuntu3.8apt_upgradeStandard apt upgrade. Install 2.9.14+dfsg-1.3ubuntu3.8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libxml2-doc→2.9.14+dfsg-1.3ubuntu3.8apt_upgradeStandard apt upgrade. Install 2.9.14+dfsg-1.3ubuntu3.8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
libxml2-utils→2.9.14+dfsg-1.3ubuntu3.8apt_upgradeStandard apt upgrade. Install 2.9.14+dfsg-1.3ubuntu3.8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libxml2-utils
Most apt upgrades restart their service automatically. needrestart lists anything else.
python3-libxml2→2.9.14+dfsg-1.3ubuntu3.8apt_upgradeStandard apt upgrade. Install 2.9.14+dfsg-1.3ubuntu3.8 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python3-libxml2
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8456-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8456-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.