expat-2.2.5-17.el8_10

エラータID: AXSA:2025-9859:02

リリース日: 
2025/04/18 Friday - 15:57
題名: 
expat-2.2.5-17.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Expat is a C library for parsing XML documents.

Security Fix(es):

* libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

解決策: 

Update packages.

CVE: 
CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. expat-2.2.5-17.el8_10.src.rpm
    MD5: 949e82e7123c599b3ce049bf7f59ff34
    SHA-256: 4d25d50bcb90ad0bb091c8978c8f23c0a17b4a9be52cf87b1f903df0d54d8724
    Size: 7.96 MB

Asianux Server 8 for x86_64
  1. expat-2.2.5-17.el8_10.i686.rpm
    MD5: 06ec71bcabf12cff1520b456e0ef634b
    SHA-256: b3538faf9aa88789375554d4c2f7b87239ce2a000fabe63db7a70958b9e9c0ef
    Size: 113.91 kB
  2. expat-2.2.5-17.el8_10.x86_64.rpm
    MD5: 2976f006ce43da74d9be7ba3a3612d55
    SHA-256: e15d1bf4cad69c2f4cae44b9c4d7534026dc6c2f4b66e23601d3a8e94369be17
    Size: 114.08 kB
  3. expat-devel-2.2.5-17.el8_10.i686.rpm
    MD5: ea020cb22a6195267c2404b92ec5f50a
    SHA-256: 0c9357f855c5d8ee3acd6b87b20bd2d5681a6340cb4ca5ecf5304adedd6d6166
    Size: 57.38 kB
  4. expat-devel-2.2.5-17.el8_10.x86_64.rpm
    MD5: 5162c1877afd95feeee22ed6add4e02e
    SHA-256: 1f5f29c9890236f1478bf0c139e02fbf5c9f8c3eab77135974b062454a4987b8
    Size: 57.36 kB