Release date: 2026-04-19 13:35:59 UTC
Description:
- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor
- CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation
- CVE-2013-0340: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
- CVE-2024-28757: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
Updated packages:
- expat-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
  sha:f9311d81b9383e8f73c40d3538097867481db48a5f7888fbe35a9da22f798335
- expat-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
  sha:1cf9ea95469e9cb58f657668126ec65444ea9de01e70f0e4ab4bbc0da6b83159
- expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
  sha:afba394fb3e4b666461b871a38f320e67486f45a8decbd3a8825587f6ce167be
- expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
  sha:08a6e6810c0c1d74da475e8d6f4a46f12a9836043219ec100b4c3e57fb77e951
- expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
  sha:437f1365c3e6dbb0ecc5afed71f0daf25df9f126b9be6368b34c19b21164a4d9
- expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
  sha:cfed5489307572e05b2d6f2b332e0d25649c958ca7272e7b7fad27be55a1bab1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.