UbuntuUpdates.org

Package "expat"

Name: expat

Description:

XML parsing C library - example application
Latest version: 2.6.2-2ubuntu0.2
Release: oracular (24.10)
Level: security
Repository: universe
Homepage: https://libexpat.github.io/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "expat"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "expat" in Oracular

Repository Area Version
base universe 2.6.2-2
base main 2.6.2-2
security main 2.6.2-2ubuntu0.2
updates main 2.6.2-2ubuntu0.2
updates universe 2.6.2-2ubuntu0.2

Changelog

Version: 2.6.2-2ubuntu0.2 2025-04-08 11:07:48 UTC

  expat (2.6.2-2ubuntu0.2) oracular-security; urgency=medium

  * SECURITY UPDATE: denial of service via stack overflow
    - debian/patches/CVE-2024-8176-pre.patch: Remove XML_DTD guards
      before is_param accesses
    - debian/patches/CVE-2024-8176-test-pre.patch: tests - Stop
      counting_start_element_handler from using g_parser
    - debian/patches/CVE-2024-8176-1.patch: Resolve the recursion during
      entity processing to prevent stack overflow
    - debian/patches/CVE-2024-8176-2.patch: Stop updating event pointer
      on exit for reentry
    - CVE-2024-8176

 -- Vyom Yadav <email address hidden> Fri, 28 Mar 2025 12:26:47 +0530
Source diff to previous version
CVE-2024-8176 A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an

Version: 2.6.2-2ubuntu0.1 2024-12-10 01:07:27 UTC

  expat (2.6.2-2ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: denial-of-service via XML_ResumeParser
    - debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of
      expat/lib/xmlparse.c refuse to stop/suspend an unstarted parser
    - debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser
      state in function XML_StopParser of expat/lib/xmlparse.c
    - debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to
      expat/tests/misc_tests.c
    - CVE-2024-50602

 -- Nicolas Campuzano Jimenez <email address hidden> Thu, 28 Nov 2024 12:41:50 -0500
CVE-2024-50602 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an un


About   -   Send Feedback to @ubuntu_updates