expat-2.5.0-5.el9_6

エラータID: AXSA:2025-10214:03

Release date: 
Monday, June 30, 2025 - 16:59
Subject: 
expat-2.5.0-5.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Expat is a C library for parsing XML documents.

Security Fix(es):

* libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Solution: 

Update packages.

CVEs: 
CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
Additional Info: 

N/A

Download: 

SRPMS
  1. expat-2.5.0-5.el9_6.src.rpm
    MD5: 944e63b5144d6f9fa85cc7b27c2fb068
    SHA-256: a3ce31da51a7c8dc450d62b2278b29cc7b40949d9b993145629fc8585dc65386
    Size: 7.98 MB

Asianux Server 9 for x86_64
  1. expat-2.5.0-5.el9_6.i686.rpm
    MD5: d83232bf5bf27b0dee08002938878053
    SHA-256: 70ddb869b375968c40a9ae464e6748465297a508ee3eb3efcd1a4b17d629bbd5
    Size: 117.90 kB
  2. expat-2.5.0-5.el9_6.x86_64.rpm
    MD5: 08d1e3f363ead8da9b1160a454f96860
    SHA-256: b20967d025fb109801bef09df24902a8ac375e9bb65f1d7e364e2ec7136fede2
    Size: 114.93 kB
  3. expat-devel-2.5.0-5.el9_6.i686.rpm
    MD5: ff70e3aa4a483155de8478e7944a97b8
    SHA-256: 81090765447bdb3bc5849398854a49bcb600aa89952d5fe8052e42a21d863bcb
    Size: 55.08 kB
  4. expat-devel-2.5.0-5.el9_6.x86_64.rpm
    MD5: 2bf181f09879e3462c12871396c2f5e5
    SHA-256: d74f51e19e8789220fd8e13dac8ce80dcf2b66037db075f49321411c05df06b6
    Size: 55.08 kB