14 DAY TRIAL // Details about an lxml vulnerability in Ubuntu 14.04 LTS, Ubuntu 13.10, and Ubuntu 12.04 LTS operating systems have been published by Canonical in a security notice.
Ubuntu distros regularly get updates for various vulnerabilities found in packages that have been integrated in the operating systems. This is a not a major security problem, but the developers have closed it nonetheless.
According to the security notice, “It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks.”
For a more detailed description of the problems, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct this issue.
The flaw can be fixed if you upgrade your system(s) to the latest python3-lxml and python-lxml packages specific to each distribution. To apply the patch, users can simply run the Update Manager application.
If you don't want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):
sudo apt-get update sudo apt-get dist-upgrade
In general, a standard system update will make all the necessary changes. Restarting the computer is needed to complete the updating procedure and to fix the issue.