[CLSA-2024:1735128985] Fix CVE(s): CVE-2024-50602
Type: security
Severity: Moderate
Release date: 2024-12-25 12:16:30 UTC
Description:
* SECURITY UPDATE: Crash in XML_ResumeParser due to XML_StopParser issue
  - debian/patches/CVE-2024-50602.patch: Refuse to stop/suspend an unstarted parser due to XML_ERROR_NOT_STARTED
  - debian/patches/CVE-2024-50602-1.patch: Explicitly specify XML_PARSING in XML_StopParser to ensure correct parsing status handling
  - debian/patches/CVE-2024-50602-2.patch: Add test_misc_resumeparser_not_crashing and test_misc_stopparser_rejects_unstarted_parser to cover the issue
  - CVE-2024-50602
Updated packages:
  • expat_2.2.5-3ubuntu0.9+tuxcare.els3_amd64.deb
    sha:76ccd1977598353fcaa882d409cf62813843f640
  • libexpat1_2.2.5-3ubuntu0.9+tuxcare.els3_amd64.deb
    sha:ff7e5aee67afa8abc69c22d0e4fffda72bf0862b
  • libexpat1-dev_2.2.5-3ubuntu0.9+tuxcare.els3_amd64.deb
    sha:eb682027be814e821263d8cef021760b114bc092
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.