Severity:
Important
Release date:
2026-04-17 17:50:49 UTC
Description:
- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor
- CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation
- CVE-2013-0340: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
- CVE-2024-28757: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
Updated packages:
- expat-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
sha:c43ed523add96e598f68afc23cf07928344705e3019f404db99074ff3b96b81e
- expat-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
sha:20910b073769b8bf299e7ffaef86c35fb23ba44623ef88efaabf7851fe14da16
- expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
sha:64e45de3dba0f5d3ed6b877d4df35e47da1add50cb7da8e07f997c337154859a
- expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
sha:9fad19ade4ea380f40fedba35b1f9b62db45e1804d4eae866dbf320e54145254
- expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
sha:0a80b5d65f8f562f75c2654a666179494b26aea0b4a39ef76505c7c7aadabe30
- expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
sha:4558eec215fe889bf870c704742a2e631ab8d4da2d75e376a5d35ca95dcadfbc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.