Release date:
2026-07-15 10:31:00 UTC
Description:
- CVE-2026-56132: fix out-of-bound scaffolding index store in doProlog
- CVE-2026-56403: protect storeAtts and xmlwf xcsdup from signed integer overflow
- CVE-2026-56404: protect addBinding from signed integer overflow
- CVE-2026-56405: protect getAttributeId from signed integer overflow
- CVE-2026-56406: add missing overflow check to XML_ParseBuffer
- CVE-2026-56410: protect xmlwf resolveSystemId from integer overflow
- CVE-2026-56411: protect xmlwf notation list allocation from integer overflow
Updated packages:
-
expat-2.5.0-1.el9_2.tuxcare.els13.i686.rpm
sha:0b71a3c0d340de3ab5ca52ac20c0c66aa14a8c071ab4bae4cd29232b494cc242
-
expat-2.5.0-1.el9_2.tuxcare.els13.x86_64.rpm
sha:2ffef5b4f5ef044dcbdd13cee76f0761f4497b564843a9508f3e29398a3078ce
-
expat-devel-2.5.0-1.el9_2.tuxcare.els13.i686.rpm
sha:8e673f77a66615d9c19deb30ef0611c08fe8800ba744f803aa8f32f7105d7f9e
-
expat-devel-2.5.0-1.el9_2.tuxcare.els13.x86_64.rpm
sha:dbc9a5826a754eeebc049caa198effaabe52be55b9fb07770e117dda68c83290
-
expat-static-2.5.0-1.el9_2.tuxcare.els13.x86_64.rpm
sha:8b08ae597aaf2442c29b5d074b7861589d9013a71d9919702da6609fa080cf4c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.