[CLSA-2026:1780672758] Fix CVE(s): CVE-2026-41080

Type:

security

Severity:

Low

Release date:

2026-06-05 15:19:40 UTC

Description:

   * SECURITY UPDATE: Insufficient entropy used for hash flooding protection allowing hash flooding via a crafted XML document (libexpat before 2.8.0)
     - debian/patches/CVE-2026-41080.patch: extract 16 bytes of entropy
       into a 128-bit SipHash key for hash flooding protection, and add the
       new XML_SetHashSalt16Bytes() API (backport of upstream PR #1183)
     - debian/libexpat1.symbols: add XML_SetHashSalt16Bytes
     - CVE-2026-41080

CVEs fixed:

CVE-2026-41080

Updated packages:

expat_2.2.6-2+deb10u7+tuxcare.els6_amd64.deb
sha:ba7a41e8a619213ab51f17d02e8fed4623f73df3
libexpat1_2.2.6-2+deb10u7+tuxcare.els6_amd64.deb
sha:9a7367c5fe9290c964d7aad7e31262699b305299
libexpat1-dev_2.2.6-2+deb10u7+tuxcare.els6_amd64.deb
sha:192287188a9ef707a9a5beaad4ff9302b39de7ea

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.