[CLSA-2026:1770899757] Fix CVE(s): CVE-2026-24515

Type:

security

Severity:

Low

Release date:

2026-02-12 12:36:01 UTC

Description:

   * SECURITY UPDATE: XML_ExternalEntityParserCreate failure to copy the
     encoding handler data can cause a NULL dereference (CWE-476) from external
     entities that declare use of an unknown encoding. The expected impact is
     denial of service.
     - debian/patches/CVE-2026-24515.patch: Make XML_ExternalEntityParserCreate
       copy unknown encoding handler user data
     - CVE-2026-24515

Updated packages:

expat_2.1.0-7ubuntu0.16.04.5+tuxcare.els7_amd64.deb
sha:3d6b5f78beb393e049457592b5bb6a50f50cb785
libexpat1_2.1.0-7ubuntu0.16.04.5+tuxcare.els7_amd64.deb
sha:a540f8637227cee9422613adc26e569b84a749c0
libexpat1-dev_2.1.0-7ubuntu0.16.04.5+tuxcare.els7_amd64.deb
sha:82c42a109bb2f327f6344fe6dbbb238cfb9204c2

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.