Release date:
2026-01-07 15:12:38 UTC
Description:
- Rebase to version 2.5.0
- CVE-2024-28757: prevent billion laughs attacks in isolated external parser
(part of #839), reject direct parameter entity recursion (part of #839)
- CVE-2025-59375: fix memory amplification and add allocation tracker
- CVE-2013-0340: properly handle entities expansion
Updated packages:
-
expat-2.5.0-1.el8.tuxcare.els1.i686.rpm
sha:8314a5fbe5f16890df5405a76b105b4ea43e9e4d51570d55d4b13d032d2f5ae7
-
expat-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
sha:8b639605f8ee725ad2a21660dbab3c9c90d5ad644ade01ef21ebc2a3fe92c2df
-
expat-devel-2.5.0-1.el8.tuxcare.els1.i686.rpm
sha:2630ecfe9e522cd965f9262555ff001b3f92cc47216335f66a6b869334921f24
-
expat-devel-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
sha:7ebcf6a06a6c27e3543fccad3c6d3f0f78fc288050097fa170968d95e925d8dd
-
expat-static-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
sha:63af3a88ad212f1d1785547a617229b8027fb3311e4f565defed847ddc263df0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
