Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22715 http://linux.oracle.com/errata/ELSA-2026-22715.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: expat-2.7.3-1.el10_2.1.x86_64.rpm expat-devel-2.7.3-1.el10_2.1.x86_64.rpm aarch64: expat-2.7.3-1.el10_2.1.aarch64.rpm expat-devel-2.7.3-1.el10_2.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/expat-2.7.3-1.el10_2.1.src.rpm Related CVEs: CVE-2026-45186 Description of changes: [2.7.3-57] - expat: backport CVE-2026-45186 fix (attribute collision check DoS) [2.7.3-56] - Rebase to 2.7.3 and add VCS tag * Thu Jun 05 2025
Expat could be made to crash if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-8520-1 July 09, 2026 expat vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Expat could be made to crash if it received specially crafted input. Software Description: - expat: XML parsing C library Details: It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libexpat1 2.1.0-7ubuntu0.16.04.5+esm12 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8520-1 CVE-2026-41080 . Update Ubuntu 16.04 LTS to fix Expat denial of service issue due to improper input handling. Critical security patch needed.. Ubuntu Expat Denial of Service Update, Security Notice, XML Parsing C Library, Ubuntu Security Advisory. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-23230 http://linux.oracle.com/errata/ELSA-2026-23230.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: expat-2.5.0-6.el9_8.1.i686.rpm expat-2.5.0-6.el9_8.1.x86_64.rpm expat-devel-2.5.0-6.el9_8.1.i686.rpm expat-devel-2.5.0-6.el9_8.1.x86_64.rpm aarch64: expat-2.5.0-6.el9_8.1.aarch64.rpm expat-devel-2.5.0-6.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/expat-2.5.0-6.el9_8.1.src.rpm Related CVEs: CVE-2026-45186 Description of changes: [2.5.0-6.1] - Fix CVE-2026-45186 - Resolves: RHEL-177988 _______________________________________________ El-errata mailing list
Security update. Publication date: 12 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0204.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-45186 Description: CVE-2026-45186 the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. References: - https://bugs.mageia.org/show_bug.cgi?id=35522 - https://www.openwall.com/lists/oss-security/2026/05/11/16 - https://blog.hartwork.org/posts/expat-2-8-1-released/ - https://github.com/libexpat/libexpat/blob/R_2_8_1/expat/Changes - https://www.cve.org/CVERecord?id=CVE-2026-45186 SRPMS: - 9/core/expat-2.7.5-1.1.mga9 . Mageia security advisory for expat revealing a denial of service issue through crafted XML input. Essential update for users.. Mageia, expat, security advisory, XML input, denial of service. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22721 http://linux.oracle.com/errata/ELSA-2026-22721.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: expat-2.5.0-2.el8_10.i686.rpm expat-2.5.0-2.el8_10.x86_64.rpm expat-devel-2.5.0-2.el8_10.i686.rpm expat-devel-2.5.0-2.el8_10.x86_64.rpm aarch64: expat-2.5.0-2.el8_10.aarch64.rpm expat-devel-2.5.0-2.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/expat-2.5.0-2.el8_10.src.rpm Related CVEs: CVE-2026-45186 Description of changes: [2.5.0-2] - Fix CVE-2026-45186 - Resolves: RHEL-177979 _______________________________________________ El-errata mailing list
Rebase to version 2.8.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-89f45c355d 2026-05-21 01:26:51.960413+00:00 -------------------------------------------------------------------------------- Name : expat Product : Fedora 43 Version : 2.8.1 Release : 1.fc43 URL : https://libexpat.github.io/ Summary : An XML parser library Description : This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. -------------------------------------------------------------------------------- Update Information: Rebase to version 2.8.1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 12 2026 Tomas Korbar - 2.8.1-1 - Rebase to version 2.8.1 * Mon Mar 23 2026 Tomas Korbar - 2.7.5-1 - Rebase to 2.7.5 * Mon Feb 9 2026 Miro Hron\u010dok - 2.7.4-1 - Update to 2.7.4 - Enable versioned symbols - Fixes: rhbz#2435633 * Fri Jan 16 2026 Fedora Release Engineering - 2.7.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2448482 - expat-2.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448482 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-89f45c355d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPGkey. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 expat library update addresses critical improvements and fixes for XML parsing. Detailed info inside.. Fedora expat update XML parser security advisory. . Severity: Critical. LinuxSecurity.com Team
An update that solves 2 vulnerabilities can now be installed.. # expat-2.8.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10787-1 Rating: moderate Cross-References: * CVE-2026-41080 * CVE-2026-45186 CVSS scores: * CVE-2026-41080 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-41080 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45186 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the expat-2.8.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * expat 2.8.1-1.1 * libexpat-devel 2.8.1-1.1 * libexpat-devel-32bit 2.8.1-1.1 * libexpat1 2.8.1-1.1 * libexpat1-32bit 2.8.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41080.html * https://www.suse.com/security/cve/CVE-2026-45186.html . Update for openSUSE fixes multiple security issues in expat package, ensuring system integrity.. openSUSE expat update security moderate issues. . Severity: Important. LinuxSecurity.com Team
Rebase to version 2.8.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-4ef690dc30 2026-05-15 02:33:10.357482+00:00 -------------------------------------------------------------------------------- Name : expat Product : Fedora 44 Version : 2.8.1 Release : 1.fc44 URL : https://libexpat.github.io/ Summary : An XML parser library Description : This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. -------------------------------------------------------------------------------- Update Information: Rebase to version 2.8.1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 12 2026 Tomas Korbar - 2.8.1-1 - Rebase to version 2.8.1 * Mon Mar 23 2026 Tomas Korbar - 2.7.5-1 - Rebase to 2.7.5 * Mon Feb 9 2026 Miro Hron\u010dok - 2.7.4-1 - Update to 2.7.4 - Enable versioned symbols - Fixes: rhbz#2435633 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2448482 - expat-2.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448482 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4ef690dc30' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 44 updates expat to version 2.8.1, improving XML parsing functionality and performance. Learn more now!. Fedora expat update XML parser. . Severity: Informational. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.