[CLSA-2026:1784032274] expat: Fix of 7 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-07-14 16:23:56 UTC
Description:
- CVE-2026-56132: fix out-of-bound scaffolding index store in doProlog - CVE-2026-56403: protect storeAtts and xmlwf xcsdup from signed integer overflow - CVE-2026-56404: protect addBinding from signed integer overflow - CVE-2026-56405: protect getAttributeId from signed integer overflow - CVE-2026-56406: add missing overflow check to XML_ParseBuffer - CVE-2026-56410: protect xmlwf resolveSystemId from integer overflow - CVE-2026-56411: protect xmlwf notation list allocation from integer overflow
Updated packages:
  • expat-2.5.0-5.el9_6.tuxcare.els9.i686.rpm
    sha:b5a5845964ef54c38bd1580304157ae99065600a89a544744a496bfcb0a4f34b
  • expat-2.5.0-5.el9_6.tuxcare.els9.x86_64.rpm
    sha:a1be5376229358fcd499ced367a510bd6d3a358b1669a94145f31ac67ca6b863
  • expat-devel-2.5.0-5.el9_6.tuxcare.els9.i686.rpm
    sha:9839239a26bb98422beee0ce613b8ed3db79ea98ec6ea75d10161cbfcc22b466
  • expat-devel-2.5.0-5.el9_6.tuxcare.els9.x86_64.rpm
    sha:bf232ea83828f070e54ffd9a97351a4c99967690ae1ff063a9445dd6ac3e7d67
  • expat-static-2.5.0-5.el9_6.tuxcare.els9.x86_64.rpm
    sha:f5d964c563257f3604a2bdfdae32acb058ed311d958f78df49c23744cd0fd1bc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.