expat-2.7.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16014 Final 1 1 2025-04-02T00:00:00Z current 2025-04-02T00:00:00Z 2025-04-02T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z expat-2.7.1-1.1 on GA media These are all security issues fixed in the expat-2.7.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16014 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-8176/ SUSE CVE CVE-2024-8176 page openSUSE Tumbleweed expat-2.7.1-1.1 libexpat-devel-2.7.1-1.1 libexpat-devel-32bit-2.7.1-1.1 libexpat1-2.7.1-1.1 libexpat1-32bit-2.7.1-1.1 expat-2.7.1-1.1 as a component of openSUSE Tumbleweed libexpat-devel-2.7.1-1.1 as a component of openSUSE Tumbleweed libexpat-devel-32bit-2.7.1-1.1 as a component of openSUSE Tumbleweed libexpat1-2.7.1-1.1 as a component of openSUSE Tumbleweed libexpat1-32bit-2.7.1-1.1 as a component of openSUSE Tumbleweed A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. CVE-2024-8176 openSUSE Tumbleweed:expat-2.7.1-1.1 openSUSE Tumbleweed:libexpat-devel-2.7.1-1.1 openSUSE Tumbleweed:libexpat-devel-32bit-2.7.1-1.1 openSUSE Tumbleweed:libexpat1-2.7.1-1.1 openSUSE Tumbleweed:libexpat1-32bit-2.7.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-8176.html CVE-2024-8176 https://bugzilla.suse.com/1239618 SUSE Bug 1239618