[CLSA-2026:1784111441] expat: Fix of 7 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-07-15 10:31:00 UTC
Description:
- CVE-2026-56132: fix out-of-bound scaffolding index store in doProlog - CVE-2026-56403: protect storeAtts and xmlwf xcsdup from signed integer overflow - CVE-2026-56404: protect addBinding from signed integer overflow - CVE-2026-56405: protect getAttributeId from signed integer overflow - CVE-2026-56406: add missing overflow check to XML_ParseBuffer - CVE-2026-56410: protect xmlwf resolveSystemId from integer overflow - CVE-2026-56411: protect xmlwf notation list allocation from integer overflow
Updated packages:
  • expat-2.5.0-1.el9_2.tuxcare.els13.i686.rpm
    sha:0b71a3c0d340de3ab5ca52ac20c0c66aa14a8c071ab4bae4cd29232b494cc242
  • expat-2.5.0-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:2ffef5b4f5ef044dcbdd13cee76f0761f4497b564843a9508f3e29398a3078ce
  • expat-devel-2.5.0-1.el9_2.tuxcare.els13.i686.rpm
    sha:8e673f77a66615d9c19deb30ef0611c08fe8800ba744f803aa8f32f7105d7f9e
  • expat-devel-2.5.0-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:dbc9a5826a754eeebc049caa198effaabe52be55b9fb07770e117dda68c83290
  • expat-static-2.5.0-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:8b08ae597aaf2442c29b5d074b7861589d9013a71d9919702da6609fa080cf4c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.