Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.7.0-i586-1_slack15.0.txz: Upgraded. This update addresses a security issue: Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: general entities in character data general entities in attribute values parameter entities Known impact is (reliable and easy) denial of service. Please note that a layer of compression around XML can significantly reduce the minimum attack payload. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-8176 (* Security fix *)
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.7.0-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.7.0-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.7.0-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.7.0-x86_64-1.txz
Slackware 15.0 package:
f15f558aeca71b39a1af24e0f9c0e49c expat-2.7.0-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
d227ae7389aba2c06d9586e32e320de1 expat-2.7.0-x86_64-1_slack15.0.txz
Slackware -current package:
9eae2f9ee45ab30f3702ce14085196b4 l/expat-2.7.0-i686-1.txz
Slackware x86_64 -current package:
45d027ad6708a4aebec4df703d69ae83 l/expat-2.7.0-x86_64-1.txz
Get the latest Linux and open source security news straight to your inbox.
Installation instructions: Upgrade the package as root: # upgradepkg expat-2.7.0-i586-1_slack15.0.txz