Release date:
2026-05-19 09:38:08 UTC
Description:
* SECURITY UPDATE: denial of service via O(n^2) attribute name collision
check with moderately sized crafted XML input
- debian/patches/CVE-2026-45186.patch: replace linear scan in
defineAttribute() with O(1) hash table lookup using new
ELEMENT_TYPE.defaultAttsNames field in expat/lib/xmlparse.c
- CVE-2026-45186
Updated packages:
-
expat_2.2.9-1ubuntu0.8+tuxcare.els4_amd64.deb
sha:2696f96773e3b10ea729ed5161ca0f3c17603958
-
libexpat1_2.2.9-1ubuntu0.8+tuxcare.els4_amd64.deb
sha:95c016e6b0153dd6d0c623e84a7c15278f04dacd
-
libexpat1-dev_2.2.9-1ubuntu0.8+tuxcare.els4_amd64.deb
sha:54cac06a2218bb174302452028f78dd92178ae5f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
