Описание
Security update for expat
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in
setContexton retry after an out-of-memory condition (bsc#1259729).
Список пакетов
openSUSE Leap 16.0
expat-2.7.1-160000.5.1
libexpat-devel-2.7.1-160000.5.1
libexpat1-2.7.1-160000.5.1
Ссылки
- SUSE Security Ratings
- SUSE Bug 1259711
- SUSE Bug 1259726
- SUSE Bug 1259729
- SUSE CVE CVE-2026-32776 page
- SUSE CVE CVE-2026-32777 page
- SUSE CVE CVE-2026-32778 page
Описание
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
Затронутые продукты
openSUSE Leap 16.0:expat-2.7.1-160000.5.1
openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.5.1
openSUSE Leap 16.0:libexpat1-2.7.1-160000.5.1
Ссылки
- CVE-2026-32776
- SUSE Bug 1259724
Описание
libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
Затронутые продукты
openSUSE Leap 16.0:expat-2.7.1-160000.5.1
openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.5.1
openSUSE Leap 16.0:libexpat1-2.7.1-160000.5.1
Ссылки
- CVE-2026-32777
- SUSE Bug 1259710
Описание
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.
Затронутые продукты
openSUSE Leap 16.0:expat-2.7.1-160000.5.1
openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.5.1
openSUSE Leap 16.0:libexpat1-2.7.1-160000.5.1
Ссылки
- CVE-2026-32778
- SUSE Bug 1259725