Release date:
2026-04-19 13:32:04 UTC
Description:
- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor
- CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation
- CVE-2013-0340: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
- CVE-2024-28757: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
Updated packages:
- expat-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
  sha:dd0a9797de5c0d2beba25c30b914d428b8ceaee15b7a9e7a7cb796d429f8798d
- expat-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
  sha:9f9c2c53dc3ce9c3c6604a12cfcd25f634ff0d8a048bc994970685154317b0d2
- expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
  sha:be64b36296c3d30553702a3d791a09deb5a1d597db576fdb73f82c1c1aa2ba83
- expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
  sha:cbea6d7ea0315c6a4d3c1c8838d6bda4a20b076f83021bda7e7d3431f8432294
- expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm
  sha:0965d4c376373b21f83a0930d423533466324cde3f9c824524895959e36f4d6d
- expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm
  sha:1ff507d21d0122dbf1b5d915a8de5e49b4558ab714fd7dea0efb799f50dd1ae6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.