[CLSA-2026:1767799061] expat: Fix of 3 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-01-07 15:17:44 UTC
Description:
- Rebase to version 2.5.0 - CVE-2024-28757: prevent billion laughs attacks in isolated external parser (part of #839), reject direct parameter entity recursion (part of #839) - CVE-2025-59375: fix memory amplification and add allocation tracker - CVE-2013-0340: properly handle entities expansion
Updated packages:
  • expat-2.5.0-1.el8.tuxcare.els1.i686.rpm
    sha:cc1fd1d87ab9b99077b8248c034a835dfb9e8d46c15c00feee9534afebeeb89b
  • expat-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
    sha:bc09e2bab4115de81d4a2a55bc1542b2da476e7949c34d597b1401b02f52afa4
  • expat-devel-2.5.0-1.el8.tuxcare.els1.i686.rpm
    sha:be68a5a5d1ac4d361ee0d0147300e20b9ac9804dcb7fbca83c13cef051715a10
  • expat-devel-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
    sha:e625112a94ae50db205fb01561472a8e82cb7f810658affb7f0b6e8185bea25d
  • expat-static-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
    sha:ec216628470ceb120ef800248a5db78b4876ca49de724d0ea6d6f08b9b839823
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.