SUSE-SU-2025:1186-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20251186-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1186-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:1186-1
Related
Published
2025-04-09T14:28:12Z
Modified
2025-04-10T13:00:27.227297Z
Upstream
Summary
Security update for expat
Details

This update for expat fixes the following issues:

  • CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618)

Other fixes:

  • version update to 2.7.1 (jsc#PED-12500)
    Bug fixes:
    • #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are:
      - XML_GetCurrentByteCount
      - XML_GetCurrentByteIndex
      - XML_GetCurrentColumnNumber
      - XML_GetCurrentLineNumber
      - XML_GetInputContext
    Other changes:
    • #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs
    • #983 #984 Fix printf format specifiers for 32bit Emscripten
    • #992 docs: Promote OpenSSF Best Practices self-certification
    • #978 tests/benchmark: Resolve mistaken double close
    • #986 Address compiler warnings
    • #990 #993 Version info bumped from 11:1:10 (libexpat.so.1.10.1) to 11:2:10 (libexpat.so.1.10.2); see https://verbump.de/ for what these numbers do
    Infrastructure:
    • #982 CI: Start running Perl XML::Parser integration tests
    • #987 CI: Enforce Clang Static Analyzer clean code
    • #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy
    • #981 CI: Cover compilation with musl
    • #983 #984 CI: Cover compilation with 32bit Emscripten
    • #976 #977 CI: Protect against fuzzer files missing from future release archives

  • version update to 2.7.0
    • #935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS
    • #925 Autotools: Sync CMake templates with CMake 3.29
    • #945 #962 #966 CMake: Drop support for CMake <3.13
    • #942 CMake: Small fuzzing related improvements
    • #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4
    • #941 docs: Document need for C++11 compiler for use from C++
    • #959 tests/benchmark: Fix a (harmless) TOCTTOU
    • #944 Windows: Fix installer target location of file xmlwf.xml for CMake
    • #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW
    • #971 Address Cppcheck warnings
    • #969 #970 Mass-migrate links from http:// to https://
    • #947 #958 .. #974 #975 Document changes since the previous release
    • #974 #975 Version info bumped from 11:0:10 (libexpat.so.1.10.0) to 11:1:10 (libexpat.so.1.10.1); see https://verbump.de/ for what these numbers do
    • Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do
References

Affected packages

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / expat

Package

Name
expat
Purl
pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-150000.3.36.1

Ecosystem specific

{
    "binaries": [
        {
            "expat": "2.7.1-150000.3.36.1",
            "libexpat-devel": "2.7.1-150000.3.36.1",
            "libexpat1": "2.7.1-150000.3.36.1",
            "libexpat1-32bit": "2.7.1-150000.3.36.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / expat

Package

Name
expat
Purl
pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-150000.3.36.1

Ecosystem specific

{
    "binaries": [
        {
            "expat": "2.7.1-150000.3.36.1",
            "libexpat-devel": "2.7.1-150000.3.36.1",
            "libexpat1": "2.7.1-150000.3.36.1",
            "libexpat1-32bit": "2.7.1-150000.3.36.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / expat

Package

Name
expat
Purl
pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-150000.3.36.1

Ecosystem specific

{
    "binaries": [
        {
            "expat": "2.7.1-150000.3.36.1",
            "libexpat-devel": "2.7.1-150000.3.36.1",
            "libexpat1": "2.7.1-150000.3.36.1",
            "libexpat1-32bit": "2.7.1-150000.3.36.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / expat

Package

Name
expat
Purl
pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-150000.3.36.1

Ecosystem specific

{
    "binaries": [
        {
            "libexpat1": "2.7.1-150000.3.36.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / expat

Package

Name
expat
Purl
pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-150000.3.36.1

Ecosystem specific

{
    "binaries": [
        {
            "libexpat1": "2.7.1-150000.3.36.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / expat

Package

Name
expat
Purl
pkg:rpm/suse/expat&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-150000.3.36.1

Ecosystem specific

{
    "binaries": [
        {
            "expat": "2.7.1-150000.3.36.1",
            "libexpat-devel": "2.7.1-150000.3.36.1",
            "libexpat1": "2.7.1-150000.3.36.1",
            "libexpat1-32bit": "2.7.1-150000.3.36.1"
        }
    ]
}