Severity:
Important (ELSCVE-95519, ELSCVE-95518, ELSCVE-85082, ELSCVE-48544)
Release date:
2026-04-17 16:02:54 UTC
Description:
- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor
  and entityValueProcessor
- CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of
  large tokens in small buffer refills; fix buffer growth calculation
- CVE-2013-0340: add billion laughs (entity expansion bomb) attack protection
  with amplification limit (100x max, 8 MiB activation threshold); includes
  fix for isolated external parser bypass (CVE-2024-28757)
- CVE-2024-28757: add billion laughs (entity expansion bomb) attack protection
  with amplification limit (100x max, 8 MiB activation threshold); includes
  fix for isolated external parser bypass (CVE-2024-28757)
Updated packages:
- expat-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
sha:2ab704f1f93aecedf9114eafe271b2c4b3a705f286236a641c197b18d249d06a
- expat-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
sha:37de151dc3f4a53fbe0cf2bca3bda6711f755a21e333601240d08cbce6b8bcf0
- expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
sha:5480fc17783a572f119217c0440a96b3c7a679b6b228a0df41f32e9094531fa8
- expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
sha:e4c85cfe5b0dd2aa875a672657fab5cd2f4139295e09893cd9c91cb6bcacd506
- expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
sha:45b7d811d33ad374230c3e6a03532144bc65dfa93506c44e053155fa0b4302c0
- expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
sha:84bb60d8ebfd36d4186be2231a272893097991a0459e70373fbab14d698c649f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the CloudLinux Packaging Team.