Important Photon OS Security Update - PHSA-2026-5.0-0756
Updates of 'expat' packages of Photon OS have been released...
MGASA-2025-0240 Updated expat packages fix security vulnerabilities
Improper restriction of xml entity expansion depth in libexpat. CVE-2024-8176 This is an extension of the fix published in MGASA-2025-0109 that was determined by upstream to be incomplete. Libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small...
Important Photon OS Security Update - PHSA-2025-5.0-0642
Updates of 'expat', 'linux' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2025-4.0-0793
Updates of 'expat' packages of Photon OS have been released...
Updated expat packages fix security vulnerability
Improper restriction of xml entity expansion depth in libexpat. CVE-2024-8176 NOTE: upstream deemed this fix incomplete after it was initially pushed. The complete fix was submitted along with the fix for CVE-2025-59375...
MGASA-2025-0109 Updated expat packages fix security vulnerability
Improper restriction of xml entity expansion depth in libexpat. CVE-2024-8176 NOTE: upstream deemed this fix incomplete after it was initially pushed. The complete fix was submitted along with the fix for CVE-2025-59375...
RHBA-2022:4046 Red Hat Bug Fix Advisory: new packages: expat
Bulletin has no description...
Important: expat
Issue Overview: libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XML_ExternalEntityParserCreate. CVE-2024-28757 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.4.20240401 or dnf update --adviso...
MGASA-2024-0072 Updated expat packages fix security vulnerabilities
It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. CVE-2023-52425, CVE-2024-28757...
NewStart CGSL MAIN 6.02 : expat Vulnerability (NS-SA-2023-0072)
The remote NewStart CGSL host, running version MAIN 6.02, has expat packages installed that are affected by a vulnerability: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 Note that Nessus has not tested for this issue but has instead relied...
MGASA-2022-0352 Updated expat packages fix security vulnerability
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674...
Important: Red Hat Bug Fix Advisory: new packages: expat
New expat packages are available for Red Hat Enterprise Linux 9. For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.0 Release Notes linked from the References section...
MGASA-2022-0048 Updated expat packages fix security vulnerability
Expat aka libexpat before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. CVE-2022-23852 Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function. CVE-2022-23990...
NewStart CGSL CORE 5.04 / MAIN 5.04 : expat Multiple Vulnerabilities (NS-SA-2021-0026)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has expat packages installed that are affected by multiple vulnerabilities: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amoun...
NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2021-0083)
The remote NewStart CGSL host, running version MAIN 6.02, has expat packages installed that are affected by multiple vulnerabilities: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and...
MGASA-2019-0321 Updated expat packages fix security vulnerability
It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. CVE-2019-15903...
Updated expat packages fix security vulnerability
It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. CVE-2019-15903...
EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-1841)
According to the version of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amou...
EulerOS Virtualization 3.0.1.0 : expat (EulerOS-SA-2019-1446)
According to the version of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML tha...
MGASA-2016-0227 Updated expat packages fix security vulnerabilities
Updated expat packages fix security vulnerabilities: An issue was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls (CVE-2012-6702). Due to an incomplete solution...