ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
ELS for PHP
- CVEs
- Releases
- Projects
- Documentation
ELS for Python
- CVEs
- Releases
- Projects
- Documentation
ELS for Dotnet
- CVEs
- Releases
- Projects
- Documentation
ELS for Node.js
- CVEs
- Releases
- Projects
- Documentation

Release Info

Advisory: CLSA-2026:1767799681

OS: CentOS 8.5 ELS

Public date: 2026-01-07 15:28:03.433805

Project: expat

Version: 2.5.0-1.el8.tuxcare.els1

Errata link: https://errata.tuxcare.com/els_os/centos8.5els/CLSA-2026-1767799681.html

Changelog

- Rebase to version 2.5.0 - CVE-2024-28757: prevent billion laughs attacks in isolated external parser (part of #839), reject direct parameter entity recursion (part of #839) - CVE-2025-59375: fix memory amplification and add allocation tracker - CVE-2013-0340: properly handle entities expansion

Update

Update command: dnf update expat*

Packages list

expat-2.5.0-1.el8.tuxcare.els1.i686.rpm expat-2.5.0-1.el8.tuxcare.els1.x86_64.rpm expat-devel-2.5.0-1.el8.tuxcare.els1.i686.rpm expat-devel-2.5.0-1.el8.tuxcare.els1.x86_64.rpm expat-static-2.5.0-1.el8.tuxcare.els1.x86_64.rpm

CVEs

CVE-2013-0340

CVE-2025-59375