UbuntuUpdates.org

Package "libexpat1"

Name: libexpat1

Description:

XML parsing C library - runtime library

Latest version: 2.6.2-2ubuntu0.1
Release: oracular (24.10)
Level: updates
Repository: main
Head package: expat
Homepage: https://libexpat.github.io/

Links


Download "libexpat1"


Other versions of "libexpat1" in Oracular

Repository Area Version
base main 2.6.2-2
security main 2.6.2-2ubuntu0.1

Changelog

Version: 2.6.2-2ubuntu0.1 2024-12-10 02:06:56 UTC

  expat (2.6.2-2ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: denial-of-service via XML_ResumeParser
    - debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of
      expat/lib/xmlparse.c refuse to stop/suspend an unstarted parser
    - debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser
      state in function XML_StopParser of expat/lib/xmlparse.c
    - debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to
      expat/tests/misc_tests.c
    - CVE-2024-50602

 -- Nicolas Campuzano Jimenez <email address hidden> Thu, 28 Nov 2024 12:41:50 -0500

CVE-2024-50602 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an un



About   -   Send Feedback to @ubuntu_updates