Release date:
2026-05-21 10:26:02 UTC
Description:
* SECURITY UPDATE: Denial of service via quadratic attribute-name
collision check in libexpat before 2.8.1
- debian/patches/CVE-2026-45186.patch: introduce per-element
defaultAttsNames hash table and use it for O(1) attribute
collision detection in defineAttribute
- CVE-2026-45186
Updated packages:
-
expat_2.2.6-2+deb10u7+tuxcare.els5_amd64.deb
sha:d6348f696f0730960412ffeeab9eccc16ceb9568
-
libexpat1_2.2.6-2+deb10u7+tuxcare.els5_amd64.deb
sha:718599568d86568d496cad48b544991ee16f0f1e
-
libexpat1-dev_2.2.6-2+deb10u7+tuxcare.els5_amd64.deb
sha:41dbc649f7234aff56b3fcefe717dba6a689316d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
