Severity:
Important (ELSCVE-79329, ELSCVE-79323, ELSCVE-79301, ELSCVE-79276)
Release date:
2026-04-17 13:36:32 UTC
Description:
- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor
- CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation
- CVE-2013-0340: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
- CVE-2024-28757: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
Updated packages:
- expat-2.1.0-15.0.7.amzn2.tuxcare.els1.i686.rpm
  sha:c43b0d78d6aa8741a064da1c39baeff58d57be6c5409f04f3b39e2013f9dafd1
- expat-2.1.0-15.0.7.amzn2.tuxcare.els1.x86_64.rpm
  sha:7db730ff49a007a11803115f0d880e8db2e5c0027e2f7f1c7f57af3740501c73
- expat-devel-2.1.0-15.0.7.amzn2.tuxcare.els1.x86_64.rpm
  sha:ecf448c910436e001b11129460cc08277082e29c3357959b271c941a662ac789
- expat-static-2.1.0-15.0.7.amzn2.tuxcare.els1.x86_64.rpm
  sha:be31fcc39d9331c5285bd5cbea7365fc0fecce3d6e33a544fde9c5aa61006197
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.