Release Info

Advisory: CLSA-2026:1767798754

OS: CentOS Stream 8 ELS

Public date: 2026-01-07 15:12:36.354799

Project: expat

Version: 2.5.0-1.el8.tuxcare.els1

Errata link: https://errata.tuxcare.com/els_os/centos-stream8els/CLSA-2026-1767798754.html

Changelog

- Rebase to version 2.5.0
- CVE-2024-28757: prevent billion laughs attacks in isolated external parser (part of #839), reject direct parameter entity recursion (part of #839)
- CVE-2025-59375: fix memory amplification and add allocation tracker
- CVE-2013-0340: properly handle entities expansion

Update

Update command: dnf update expat*

Packages list

expat-2.5.0-1.el8.tuxcare.els1.i686.rpm
expat-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
expat-devel-2.5.0-1.el8.tuxcare.els1.i686.rpm
expat-devel-2.5.0-1.el8.tuxcare.els1.x86_64.rpm
expat-static-2.5.0-1.el8.tuxcare.els1.x86_64.rpm

CVEs

CVE-2013-0340
CVE-2025-59375
CVE-2024-28757