Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
89
security advisoryfedoraDoSFedora 42 libmaxminddb Serious Memory Problems Resulting in DoS Risk
libmaxminddb 1.13.1 Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 MMDB_get_entry_data_list() now validates that the claimed array/map size is plausible given the remaining bytes in the data section. A crafted database. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1e497526c7 2026-03-13 00:58:40.063165+00:00 -------------------------------------------------------------------------------- Name : libmaxminddb Product : Fedora 42 Version : 1.13.1 Release : 1.fc42 URL : https://maxmind.github.io/libmaxminddb/ Summary : C library for reading MaxMind DB files Description : The libmaxminddb library provides a C library for reading MaxMind DB files, including the GeoIP2 databases from MaxMind. This is a custom binary format designed to facilitate fast lookups of IP addresses while allowing for great flexibility in the type of data associated with an address. The MaxMind DB format is an open file format. The specification is available at https://maxmind.github.io/MaxMind-DB/ and licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. -------------------------------------------------------------------------------- Update Information: libmaxminddb 1.13.1 Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 MMDB_get_entry_data_list() now validates that the claimed array/map size is plausible given the remaining bytes in the data section. A crafted database could previously claim millions of array elements while only having a few bytes of data, causing disproportionate memory allocation (memory amplification DoS). Fixed integer overflow in MMDB_read_node() and find_ipv4_start_node() pointer arithmetic. The node_number * record_length multiplication was performed in uint32_t, which could overflow for very large databases. Now cast to uint64_t before multiplying, matching the pattern already used in find_address_in_search_tree(). Fixed printf format specifier mismatches in mmdblookup's metadata dump. %i was used for unsigned types and %llu for uint64_t, which is technically undefined behavior. Now uses the portable PRIu32, PRIu16, and PRIu64 macros from . Fixed an integer overflow in the search tree bounds check in find_address_in_search_tree(). The addition of node_count and data_section_size was performed in uint32_t arithmetic, which could wrap on very large databases, causing valid lookups to be incorrectly rejected as corrupt. Fixed a NULL pointer dereference in mmdblookup when displaying metadata for a database with an out-of-range build_epoch. The gmtime() return value is now checked before passing to strftime(). MMDB_close() now NULLs the file_content, data_section, and metadata_section pointers and zeroes file_size, data_section_size, and metadata_section_size after unmapping. Previously, calling MMDB_close() twice on the same struct (or calling it after a failed MMDB_open() that succeeded at mapping) would double-munmap the file content, which is undefined behavior. Fixed a stack buffer overflow in print_indentation() when MMDB_dump_entry_data_list() was called with a negative indent value. The negative integer was cast to size_t, producing a massive value passed to memset(). Negative indent values are now clamped to 0. MMDB_lookup_string() now sets *mmdb_error to MMDB_SUCCESS when getaddrinfo fails (non-zero *gai_error). Previously, *mmdb_error was left uninitialized in this case, which could cause callers to read an indeterminate value. Added a recursion depth limit to skip_map_or_array(), matching the existing MAXIMUM_DATA_STRUCTURE_DEPTH (512) limit already used by get_entry_data_list(). A crafted MMDB file with deeply nested maps or arrays could previously cause a stack overflow via unbounded recursion in the MMDB_aget_value / MMDB_get_value code path. Fixed an off-by-one error in MMDB_read_node() that allowedreading one node past the end of the search tree when called with node_number == node_count. This caused the function to read from the data section separator and return an invalid record with an underflowed data offset. The check now correctly rejects node_number > = node_count. The handling of float and double types was rewritten to fix compiler errors and to eliminate the use of volatile. Improved endian preprocessor check if MMDB_LITTLE_ENDIAN is not set. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 25 2026 Robert Scheck 1.13.1-1 - Upgrade to 1.13.1 (#2442507) * Fri Jan 16 2026 Fedora Release Engineering - 1.12.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Thu Jul 24 2025 Fedora Release Engineering - 1.12.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2442507 - libmaxminddb-1.13.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2442507 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1e497526c7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 13, 2026
•Important
Fedora
89
security advisorydenial of servicefedoraFedora 44 libmaxminddb Critical Memory Amplification DoS 2026-814fe58971
libmaxminddb 1.13.1 Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 MMDB_get_entry_data_list() now validates that the claimed array/map size is plausible given the remaining bytes in the data section. A crafted database. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-814fe58971 2026-03-13 00:15:54.963620+00:00 -------------------------------------------------------------------------------- Name : libmaxminddb Product : Fedora 44 Version : 1.13.1 Release : 1.fc44 URL : https://maxmind.github.io/libmaxminddb/ Summary : C library for reading MaxMind DB files Description : The libmaxminddb library provides a C library for reading MaxMind DB files, including the GeoIP2 databases from MaxMind. This is a custom binary format designed to facilitate fast lookups of IP addresses while allowing for great flexibility in the type of data associated with an address. The MaxMind DB format is an open file format. The specification is available at https://maxmind.github.io/MaxMind-DB/ and licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. -------------------------------------------------------------------------------- Update Information: libmaxminddb 1.13.1 Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 MMDB_get_entry_data_list() now validates that the claimed array/map size is plausible given the remaining bytes in the data section. A crafted database could previously claim millions of array elements while only having a few bytes of data, causing disproportionate memory allocation (memory amplification DoS). Fixed integer overflow in MMDB_read_node() and find_ipv4_start_node() pointer arithmetic. The node_number * record_length multiplication was performed in uint32_t, which could overflow for very large databases. Now cast to uint64_t before multiplying, matching the pattern already used in find_address_in_search_tree(). Fixed printf format specifier mismatches in mmdblookup's metadata dump. %i was used for unsigned types and %llu for uint64_t, which is technically undefined behavior. Now uses the portable PRIu32, PRIu16, and PRIu64 macros from . Fixed an integer overflow in the search tree bounds check in find_address_in_search_tree(). The addition of node_count and data_section_size was performed in uint32_t arithmetic, which could wrap on very large databases, causing valid lookups to be incorrectly rejected as corrupt. Fixed a NULL pointer dereference in mmdblookup when displaying metadata for a database with an out-of-range build_epoch. The gmtime() return value is now checked before passing to strftime(). MMDB_close() now NULLs the file_content, data_section, and metadata_section pointers and zeroes file_size, data_section_size, and metadata_section_size after unmapping. Previously, calling MMDB_close() twice on the same struct (or calling it after a failed MMDB_open() that succeeded at mapping) would double-munmap the file content, which is undefined behavior. Fixed a stack buffer overflow in print_indentation() when MMDB_dump_entry_data_list() was called with a negative indent value. The negative integer was cast to size_t, producing a massive value passed to memset(). Negative indent values are now clamped to 0. MMDB_lookup_string() now sets *mmdb_error to MMDB_SUCCESS when getaddrinfo fails (non-zero *gai_error). Previously, *mmdb_error was left uninitialized in this case, which could cause callers to read an indeterminate value. Added a recursion depth limit to skip_map_or_array(), matching the existing MAXIMUM_DATA_STRUCTURE_DEPTH (512) limit already used by get_entry_data_list(). A crafted MMDB file with deeply nested maps or arrays could previously cause a stack overflow via unbounded recursion in the MMDB_aget_value / MMDB_get_value code path. Fixed an off-by-one error in MMDB_read_node() that allowedreading one node past the end of the search tree when called with node_number == node_count. This caused the function to read from the data section separator and return an invalid record with an underflowed data offset. The check now correctly rejects node_number > = node_count. The handling of float and double types was rewritten to fix compiler errors and to eliminate the use of volatile. Improved endian preprocessor check if MMDB_LITTLE_ENDIAN is not set. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 25 2026 Robert Scheck 1.13.1-1 - Upgrade to 1.13.1 (#2442507) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2442507 - libmaxminddb-1.13.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2442507 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-814fe58971' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 13, 2026
•Critical
Fedora
100
security advisorySuSEimportantSUSE: libxml2 Crucial Buffer Overflow Vulnerability CVE-2025-59376
* bsc#1249584 Cross-References: * CVE-2025-59375 . # Security update for expat Announcement ID: SUSE-SU-2025:20895-1 Release Date: 2025-10-22T12:12:39Z Rating: important References: * bsc#1249584 Cross-References: * CVE-2025-59375 CVSS scores: * CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-315=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libexpat1-debuginfo-2.7.1-slfo.1.1_3.1 * expat-debugsource-2.7.1-slfo.1.1_3.1 * libexpat1-2.7.1-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59375.html * https://bugzilla.suse.com/show_bug.cgi?id=1249584 . An important SUSE update resolves the CVE-2025-59375 memory amplification vulnerability in expat.. SUSE update, expat security, memory amplification, CVE-2025-59375. . Severity: Important. LinuxSecurity.com Team
Oct 30, 2025
•Important
SuSE
100
security advisorySuSEimportantSUSE Linux Micro 6.0: Critical Memory Amplification CVE-2025-59375 Advisory
* bsc#1249584 Cross-References: * CVE-2025-59375 . # Security update for expat Announcement ID: SUSE-SU-2025:20868-1 Release Date: 2025-10-22T12:12:49Z Rating: important References: * bsc#1249584 Cross-References: * CVE-2025-59375 CVSS scores: * CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-500=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libexpat1-debuginfo-2.7.1-3.1 * libexpat1-2.7.1-3.1 * expat-debugsource-2.7.1-3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59375.html * https://bugzilla.suse.com/show_bug.cgi?id=1249584 . Critical update for SUSE Linux Micro 6.0 addressing memory amplification risk from crafted XML inputs. Act now!. SUSE Linux Micro, expat, memory amplification, security advisory. . Severity: Important. LinuxSecurity.com Team
Oct 27, 2025
•Important
SuSE
100
security advisorySuSEimportantSUSE: expat Important Memory Amplification Vulnerability CVE-2025-59375
* bsc#1249584 Cross-References: * CVE-2025-59375 . # Security update for expat Announcement ID: SUSE-SU-2025:03624-1 Release Date: 2025-10-16T19:59:58Z Rating: important References: * bsc#1249584 Cross-References: * CVE-2025-59375 CVSS scores: * CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves one vulnerability can now be installed. ## Description: This update for expat fixes the following issues: *CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3624=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3624=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3624=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3624=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3624=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3624=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3624=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-3624=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3624=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3624=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3624=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3624=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3624=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3624=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patchSUSE-SLE-Micro-5.4-2025-3624=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3624=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3624=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3624=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3624=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 *expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-2.7.1-150400.3.31.1 *libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Manager Server 4.3 LTS (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * openSUSE Leap 15.4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * libexpat-devel-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libexpat-devel-64bit-2.7.1-150400.3.31.1 * expat-64bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-64bit-2.7.1-150400.3.31.1 * libexpat1-64bit-debuginfo-2.7.1-150400.3.31.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 *openSUSE Leap 15.6 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * libexpat-devel-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * Basesystem Module 15-SP6 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 *expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59375.html * https://bugzilla.suse.com/show_bug.cgi?id=1249584 . SUSE issues security advisory for expat addressing memory amplification vulnerability with important severity and patch instructions.. SUSE Advisory, expat Security, Memory Amplification Patches, CVE-2025-59375 Update. . Severity: Important. LinuxSecurity.com Team
Oct 17, 2025
•Important
SuSE
202
security advisoryimportantattackopenSUSE: expat Important Memory Amplification Issue Advisory 2025:03624-1
An update that solves one vulnerability can now be installed.. # Security update for expat Announcement ID: SUSE-SU-2025:03624-1 Release Date: 2025-10-16T19:59:58Z Rating: important References: * bsc#1249584 Cross-References: * CVE-2025-59375 CVSS scores: * CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Retail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves one vulnerability can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3624=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3624=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3624=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3624=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3624=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3624=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3624=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-3624=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3624=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3624=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3624=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3624=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-3624=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-3624=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patchSUSE-SLE-Micro-5.4-2025-3624=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-3624=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3624=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3624=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3624=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 *expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-2.7.1-150400.3.31.1 *libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Manager Server 4.3 LTS (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * openSUSE Leap 15.4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * libexpat-devel-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libexpat-devel-64bit-2.7.1-150400.3.31.1 * expat-64bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-64bit-2.7.1-150400.3.31.1 * libexpat1-64bit-debuginfo-2.7.1-150400.3.31.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 *openSUSE Leap 15.6 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * libexpat-devel-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * Basesystem Module 15-SP6 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 *expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * expat-debugsource-2.7.1-150400.3.31.1 * expat-debuginfo-2.7.1-150400.3.31.1 * expat-2.7.1-150400.3.31.1 * libexpat1-2.7.1-150400.3.31.1 * libexpat1-debuginfo-2.7.1-150400.3.31.1 * libexpat-devel-2.7.1-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.31.1 * expat-32bit-debuginfo-2.7.1-150400.3.31.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.31.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59375.html * https://bugzilla.suse.com/show_bug.cgi?id=1249584 . Critical expat update for openSUSE addresses important memory amplification threat; patch available.. openSUSE expat security patch memory amplification. . Severity: Important. LinuxSecurity.com Team
Oct 17, 2025
•Important
OpenSUSE
100
security advisorySuSEimportantSUSE: Update for expat Important Memory Amplification CVE-2025-59375
* bsc#1249584 Cross-References: * CVE-2025-59375 . # Security update for expat Announcement ID: SUSE-SU-2025:03536-1 Release Date: 2025-10-10T15:20:31Z Rating: important References: * bsc#1249584 Cross-References: * CVE-2025-59375 CVSS scores: * CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3536=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3536=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * expat-debuginfo-2.7.1-21.46.1 * libexpat-devel-2.7.1-21.46.1 * expat-debugsource-2.7.1-21.46.1 * libexpat1-2.7.1-21.46.1 * expat-2.7.1-21.46.1 * libexpat1-debuginfo-2.7.1-21.46.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libexpat1-32bit-2.7.1-21.46.1 * libexpat1-debuginfo-32bit-2.7.1-21.46.1 *expat-debuginfo-32bit-2.7.1-21.46.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * expat-debuginfo-2.7.1-21.46.1 * libexpat-devel-2.7.1-21.46.1 * expat-debugsource-2.7.1-21.46.1 * libexpat1-32bit-2.7.1-21.46.1 * expat-debuginfo-32bit-2.7.1-21.46.1 * libexpat1-2.7.1-21.46.1 * expat-2.7.1-21.46.1 * libexpat1-debuginfo-2.7.1-21.46.1 * libexpat1-debuginfo-32bit-2.7.1-21.46.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59375.html * https://bugzilla.suse.com/show_bug.cgi?id=1249584 . SUSE's security update for expat addresses a memory amplification issue that poses significant risk to systems.. SUSE expat update memory amplification issue security risk. . Severity: Important. LinuxSecurity.com Team
Oct 10, 2025
•Important
SuSE
100
security advisorySuSEimportantSUSE Advisory 2025:03537-1 for CVE-2025-59375: Critical Memory Issue
* bsc#1249584 Cross-References: * CVE-2025-59375 . # Security update for expat Announcement ID: SUSE-SU-2025:03537-1 Release Date: 2025-10-10T15:21:56Z Rating: important References: * bsc#1249584 Cross-References: * CVE-2025-59375 CVSS scores: * CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3537=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3537=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3537=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3537=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patchSUSE-SUSE-MicroOS-5.1-2025-3537=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3537=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3537=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * expat-debuginfo-2.7.1-150000.3.39.1 * libexpat1-debuginfo-2.7.1-150000.3.39.1 * expat-debugsource-2.7.1-150000.3.39.1 * libexpat-devel-2.7.1-150000.3.39.1 * libexpat1-2.7.1-150000.3.39.1 * expat-2.7.1-150000.3.39.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libexpat1-32bit-debuginfo-2.7.1-150000.3.39.1 * expat-32bit-debuginfo-2.7.1-150000.3.39.1 * libexpat1-32bit-2.7.1-150000.3.39.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * expat-debuginfo-2.7.1-150000.3.39.1 * libexpat1-debuginfo-2.7.1-150000.3.39.1 * expat-debugsource-2.7.1-150000.3.39.1 * libexpat-devel-2.7.1-150000.3.39.1 * libexpat1-2.7.1-150000.3.39.1 * expat-2.7.1-150000.3.39.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64) * libexpat1-32bit-debuginfo-2.7.1-150000.3.39.1 * expat-32bit-debuginfo-2.7.1-150000.3.39.1 * libexpat1-32bit-2.7.1-150000.3.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * expat-debuginfo-2.7.1-150000.3.39.1 * libexpat1-debuginfo-2.7.1-150000.3.39.1 * expat-debugsource-2.7.1-150000.3.39.1 * libexpat-devel-2.7.1-150000.3.39.1 * libexpat1-2.7.1-150000.3.39.1 * expat-2.7.1-150000.3.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libexpat1-32bit-debuginfo-2.7.1-150000.3.39.1 * expat-32bit-debuginfo-2.7.1-150000.3.39.1 * libexpat1-32bit-2.7.1-150000.3.39.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * expat-debuginfo-2.7.1-150000.3.39.1 * libexpat1-debuginfo-2.7.1-150000.3.39.1 * expat-debugsource-2.7.1-150000.3.39.1 *libexpat-devel-2.7.1-150000.3.39.1 * libexpat1-2.7.1-150000.3.39.1 * expat-2.7.1-150000.3.39.1 * SUSE Enterprise Storage 7.1 (x86_64) * libexpat1-32bit-debuginfo-2.7.1-150000.3.39.1 * expat-32bit-debuginfo-2.7.1-150000.3.39.1 * libexpat1-32bit-2.7.1-150000.3.39.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libexpat1-2.7.1-150000.3.39.1 * libexpat1-debuginfo-2.7.1-150000.3.39.1 * expat-debugsource-2.7.1-150000.3.39.1 * expat-debuginfo-2.7.1-150000.3.39.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libexpat1-2.7.1-150000.3.39.1 * libexpat1-debuginfo-2.7.1-150000.3.39.1 * expat-debugsource-2.7.1-150000.3.39.1 * expat-debuginfo-2.7.1-150000.3.39.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libexpat1-2.7.1-150000.3.39.1 * libexpat1-debuginfo-2.7.1-150000.3.39.1 * expat-debugsource-2.7.1-150000.3.39.1 * expat-debuginfo-2.7.1-150000.3.39.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59375.html * https://bugzilla.suse.com/show_bug.cgi?id=1249584 . An important security advisory for expat addressing a memory amplification flaw with CVE-2025-59375.. Expat Security Fix, SUSE Vulnerability Patch, Memory Amplification, CVE-2025-59375. . Severity: Important. LinuxSecurity.com Team
Oct 10, 2025
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!