expat-2.5.0-3.el9_5.3

Errata ID: AXSA:2025-9828:01

Release date: Friday, April 4, 2025 - 16:28
Subject: expat-2.5.0-3.el9_5.3
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

Expat is a C library for parsing XML documents.

Security Fix(es):

* libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. expat-2.5.0-3.el9_5.3.src.rpm
    MD5: 6f207c5c24c36d24201fb592edb8a0df
    SHA-256: a007a1360fffb2415dc97f1ac0266649ef01e5457fc0abbe6dd846cfccd9f0fc
    Size: 7.98 MB

Asianux Server 9 for x86_64
  1. expat-2.5.0-3.el9_5.3.i686.rpm
    MD5: 766f74fd5fefe04c63c45870c78cab51
    SHA-256: 70ad11f3d3b2e727c8192b5abe24af1520d308975f9b1662595fe1930effcfb4
    Size: 118.24 kB
  2. expat-2.5.0-3.el9_5.3.x86_64.rpm
    MD5: cfdd8796e76420d513a5f13d8ecaacab
    SHA-256: d11f4a0676bb9c1ca3752738df1fa8d8783d16e081702f1816927b95ce14a0da
    Size: 115.33 kB
  3. expat-devel-2.5.0-3.el9_5.3.i686.rpm
    MD5: 254a2ab3d84928f3759e1b5d3e32dcea
    SHA-256: 06a2768de871068a8c74a77a556dd389323eacbb9e0f49a8a6d0a90c08b75b76
    Size: 55.21 kB
  4. expat-devel-2.5.0-3.el9_5.3.x86_64.rpm
    MD5: 6f7cdcd6c697532c1cf398e6d9eaa2c5
    SHA-256: 7c12de054650c16bbf2a0a189efdaed3473079a3d4336a8dc43cfd62cb6ada1d
    Size: 55.20 kB