Advisories » MGASA-2024-0072

Updated expat packages fix security vulnerabilities

Publication date: 18 Mar 2024
Modification date: 18 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-52425 , CVE-2024-28757

Description

It was discovered that Expat could be made to consume large amounts of
resources. If a user or automated system were tricked into processing
specially crafted input, an attacker could possibly use this issue to
cause
a denial of service. (CVE-2023-52425, CVE-2024-28757)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32970
• https://ubuntu.com/security/notices/USN-6694-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52425
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28757

SRPMS

9/core

• expat-2.6.2-1.mga9