expat-2.2.5-11.el8_9.1

エラータID: AXSA:2024-7647:02

Release date: 
Thursday, April 4, 2024 - 13:34
Subject: 
expat-2.2.5-11.el8_9.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Solution: 

Update packages.

CVEs: 
CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Additional Info: 

N/A

Download: 

SRPMS
  1. expat-2.2.5-11.el8_9.1.src.rpm
    MD5: 9d507a6b6b65c4a6d8bd8977a8d11a9d
    SHA-256: 71e07100ea7d48f9ced0d5f50c9896f88156a1d0d99c43be5adc6ec51e22b419
    Size: 7.94 MB

Asianux Server 8 for x86_64
  1. expat-2.2.5-11.el8_9.1.i686.rpm
    MD5: 57ea8cc3c3decbc9b785e627310fecae
    SHA-256: 3c17b717457e5f6be3dd9a65b7c27864fc08210d23833d7d458d180ee2b62c2c
    Size: 112.66 kB
  2. expat-2.2.5-11.el8_9.1.x86_64.rpm
    MD5: 5636667a3f29fcd4bc2df05424d96d0c
    SHA-256: fb7d3c2db351f6217dd91f939f7d63f395e7a948483ca639a66ae6507d0b6291
    Size: 112.79 kB
  3. expat-devel-2.2.5-11.el8_9.1.i686.rpm
    MD5: cdd540d3e56f480397045d40c27afcb8
    SHA-256: 0adc02b06795b837bbba975ac89a8d048e6e177c2a0a000c82c7d708e9782002
    Size: 56.69 kB
  4. expat-devel-2.2.5-11.el8_9.1.x86_64.rpm
    MD5: 58f73db103ad6877436f80c0e5064445
    SHA-256: 08af387b925109d2035b91fd63d2078ea7c8a23e1f28789e15c522392e506a12
    Size: 56.66 kB