expat-2.5.0-1.el9_3.1

エラータID: AXSA:2024-7643:01

Release date: 
Thursday, April 4, 2024 - 10:30
Subject: 
expat-2.5.0-1.el9_3.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers.

Security Fix(es):

* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)
* expat: XML Entity Expansion (CVE-2024-28757)

CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Solution: 

Update packages.

CVEs: 
CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
Additional Info: 

N/A

Download: 

SRPMS
  1. expat-2.5.0-1.el9_3.1.src.rpm
    MD5: 38bd3c1b697adbfcc2864954f7c1b5d4
    SHA-256: 46e07ab9fce8d0d933f27a44bc03d08441669f81b8ec83c02952fb591cb1405f
    Size: 7.97 MB

Asianux Server 9 for x86_64
  1. expat-2.5.0-1.el9_3.1.i686.rpm
    MD5: d03dfcc951924f12c46c0d14588b06fd
    SHA-256: 1917388a5adef2f6c342c15f22ddf1227754d020eb0aeeed8a7472592bd9f874
    Size: 117.94 kB
  2. expat-2.5.0-1.el9_3.1.x86_64.rpm
    MD5: 39a1d39d81028f08ce2aebfd09b96a18
    SHA-256: d90af18885d74ce4c0faae451ed53afc3d56ea4e562e4dcd9a265226b8396d6f
    Size: 114.97 kB
  3. expat-devel-2.5.0-1.el9_3.1.i686.rpm
    MD5: d3f9e69630da2c9bfba19f707e3d7dd7
    SHA-256: 6e02f74e286fcf26f423369b48873a0e42cd5f0347b90adc94cb42c61a51305a
    Size: 55.65 kB
  4. expat-devel-2.5.0-1.el9_3.1.x86_64.rpm
    MD5: d1b83077165bba99c74f50a5b8261fc4
    SHA-256: ef9cdef46576aec3dec6e087ab44a75cd673983084a428effd93d4828325463f
    Size: 55.65 kB