ELA-1190-1 expat security update

multiple vulnerabilities

2024-09-30
Packageexpat
Version2.1.0-6+deb8u12 (jessie), 2.2.0-2+deb9u9 (stretch), 2.2.6-2+deb10u8 (buster)
Related CVEs CVE-2024-45490 CVE-2024-45491 CVE-2024-45492


Multiple vulnerabilities were found in expat, an XML parsing C library, which could lead to Denial of Service, memory corruption or arbitrary code execution.




For Debian 10 buster, these problems have been fixed in version 2.2.6-2+deb10u8.

For Debian 8 jessie, these problems have been fixed in version 2.1.0-6+deb8u12.

For Debian 9 stretch, these problems have been fixed in version 2.2.0-2+deb9u9.

We recommend that you upgrade your expat packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.