Amazon Linux 2023 Security Advisory: ALAS2023-2024-576
Advisory Released Date: 2024-04-02
Advisory Updated Date: 2024-04-02
Severity:
Important
Issue Overview:
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). (CVE-2024-28757)
Affected Packages:
expat
Issue Correction:
Run dnf update expat --releasever 2023.4.20240401 to update your system.
New Packages:
aarch64:
expat-debuginfo-2.5.0-1.amzn2023.0.4.aarch64
expat-debugsource-2.5.0-1.amzn2023.0.4.aarch64
expat-static-2.5.0-1.amzn2023.0.4.aarch64
expat-2.5.0-1.amzn2023.0.4.aarch64
expat-devel-2.5.0-1.amzn2023.0.4.aarch64
src:
expat-2.5.0-1.amzn2023.0.4.src
x86_64:
expat-static-2.5.0-1.amzn2023.0.4.x86_64
expat-debuginfo-2.5.0-1.amzn2023.0.4.x86_64
expat-devel-2.5.0-1.amzn2023.0.4.x86_64
expat-debugsource-2.5.0-1.amzn2023.0.4.x86_64
expat-2.5.0-1.amzn2023.0.4.x86_64