[CLSA-2026:1767799681] expat: Fix of 3 CVEs
Type: security
Severity: Moderate
Release date: 2026-01-07 15:28:05 UTC
Description:
- Rebase to version 2.5.0
- CVE-2024-28757: prevent billion laughs attacks in isolated external parser (part of #839), reject direct parameter entity recursion (part of #839)
- CVE-2025-59375: fix memory amplification and add allocation tracker
- CVE-2013-0340: properly handle entities expansion
Updated packages:
  • expat-2.5.0-1.el8.tuxcare.els1.i686.rpm
    sha:307e14b20e2a43575aac3d870542a620d372169aedcfbb52563a2fbcb4edf4eb
  • expat-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
    sha:dfc1c561f211da9f58266321ef09a93f08c4248fdddacb1de0e7dd41da87f893
  • expat-devel-2.5.0-1.el8.tuxcare.els1.i686.rpm
    sha:41051a087aff6b06935eafe5ffc4fb0322673a74c2d0193bbcfc20fa0097bc20
  • expat-devel-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
    sha:02a888760b7ce100e7c6a261a558abc6b8f481a76006d5a8a9693d589a65a8d3
  • expat-static-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
    sha:5a8233737761745aac5c4f839fb43688475baaa2d1e4566336d837bc605edc94
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.