CentOS ProjectCESA-2020:1011expat security update
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.033 Low
EPSS
Percentile
91.4%
CentOS Errata and Security Advisory CESA-2020:1011
Expat is a C library for parsing XML documents.
Security Fix(es):
- expat: Integer overflow leading to buffer overflow in XML_GetBuffer() (CVE-2015-2716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032514.html
Affected packages:
expat
expat-devel
expat-static
Upstream details at:
https://access.redhat.com/errata/RHSA-2020:1011
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 7 | i686 | expat | < 2.1.0-11.el7 | expat-2.1.0-11.el7.i686.rpm |
| CentOS | 7 | x86_64 | expat | < 2.1.0-11.el7 | expat-2.1.0-11.el7.x86_64.rpm |
| CentOS | 7 | i686 | expat-devel | < 2.1.0-11.el7 | expat-devel-2.1.0-11.el7.i686.rpm |
| CentOS | 7 | x86_64 | expat-devel | < 2.1.0-11.el7 | expat-devel-2.1.0-11.el7.x86_64.rpm |
| CentOS | 7 | i686 | expat-static | < 2.1.0-11.el7 | expat-static-2.1.0-11.el7.i686.rpm |
| CentOS | 7 | x86_64 | expat-static | < 2.1.0-11.el7 | expat-static-2.1.0-11.el7.x86_64.rpm |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.033 Low
EPSS
Percentile
91.4%