
SUSE: 2025:20311-1 important: expat security update addressing DoS

June 4, 2025
Notice for expat: crucial modifications address key concerns; the update features essential patches and improved reliability. Vital for openSUSE customers.

Summary

This update for expat fixes the following issues:

Version update to 2.7.1:

Bug fixes:

* #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are:
  - XML_GetCurrentByteCount
  - XML_GetCurrentByteIndex
  - XML_GetCurrentColumnNumber
  - XML_GetCurrentLineNumber
  - XML_GetInputContext

Other changes:

* #976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}" with Automake that were missing from 2.7.0 release tarballs
* #983 #984 Fix printf format specifiers for 32bit Emscripten
* #992 docs: Promote OpenSSF Best Practices self-certification
* #978 tests/benchmark: Resolve mistaken double close
* #986 Address compiler warnings
* #990 #993 Version info


References

* bsc#1219559

* bsc#1219561

* bsc#1221289

* bsc#1229930

* bsc#1229931

* bsc#1229932

* bsc#1232579

* bsc#1232601

* bsc#1239618

* jsc#SLE-21253

Cross-References

* CVE-2013-0340

* CVE-2019-15903

* CVE-2023-52425

* CVE-2023-52426

* CVE-2024-28757

* CVE-2024-45490

* CVE-2024-45491

* CVE-2024-45492

* CVE-2024-50602

* CVE-2024-8176

CVSS scores:

* CVE-2019-15903 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2019-15903 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2019-15903 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2019-15903 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52425 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52425 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: important

Announcement ID: SUSE-SU-2025:20311-1
Release Date: 2025-05-13T13:37:50Z
Rating: important
