{"affected":[{"ecosystem_specific":{"binaries":[{"libexpat1":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libexpat1":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.4","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libexpat1":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP6","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP5-LTSS","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP5","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 4.3","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Manager%20Proxy%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"SUSE:Manager Server 4.3","name":"expat","purl":"pkg:rpm/suse/expat&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"expat":"2.7.1-150400.3.28.1","libexpat-devel":"2.7.1-150400.3.28.1","libexpat-devel-32bit":"2.7.1-150400.3.28.1","libexpat1":"2.7.1-150400.3.28.1","libexpat1-32bit":"2.7.1-150400.3.28.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"expat","purl":"pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.7.1-150400.3.28.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for expat fixes the following issues:\n\n- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused \n  by stack overflow by resolving use of recursion (bsc#1239618)\n\nOther fixes:\n- version update to 2.7.1 (jsc#PED-12500)\n     Bug fixes:\n       #980 #989  Restore event pointer behavior from Expat 2.6.4\n                    (that the fix to CVE-2024-8176 changed in 2.7.0);\n                    affected API functions are:\n                    - XML_GetCurrentByteCount\n                    - XML_GetCurrentByteIndex\n                    - XML_GetCurrentColumnNumber\n                    - XML_GetCurrentLineNumber\n                    - XML_GetInputContext\n     Other changes:\n       #976 #977  Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'\n                    with Automake that were missing from 2.7.0 release tarballs\n       #983 #984  Fix printf format specifiers for 32bit Emscripten\n            #992  docs: Promote OpenSSF Best Practices self-certification\n            #978  tests/benchmark: Resolve mistaken double close\n            #986  Address compiler warnings\n       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)\n                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/\n                    for what these numbers do\n        Infrastructure:\n            #982  CI: Start running Perl XML::Parser integration tests\n            #987  CI: Enforce Clang Static Analyzer clean code\n            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized\n                    for clang-tidy\n            #981  CI: Cover compilation with musl\n       #983 #984  CI: Cover compilation with 32bit Emscripten\n       #976 #977  CI: Protect against fuzzer files missing from future\n                    release archives\n\n- version update to 2.7.0\n       #935 #937  Autotools: Make generated CMake files look for\n                    libexpat.@SO_MAJOR@.dylib on macOS\n            #925  Autotools: Sync CMake templates with CMake 3.29\n  #945 #962 #966  CMake: Drop support for CMake <3.13\n            #942  CMake: Small fuzzing related improvements\n            #921  docs: Add missing documentation of error code\n                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4\n            #941  docs: Document need for C++11 compiler for use from C++\n            #959  tests/benchmark: Fix a (harmless) TOCTTOU\n            #944  Windows: Fix installer target location of file xmlwf.xml\n                    for CMake\n            #953  Windows: Address warning -Wunknown-warning-option\n                    about -Wno-pedantic-ms-format from LLVM MinGW\n            #971  Address Cppcheck warnings\n       #969 #970  Mass-migrate links from http:// to https://\n    #947 #958 ..\n       #974 #975  Document changes since the previous release\n       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)\n                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/\n                    for what these numbers do\n","id":"SUSE-SU-2025:1201-1","modified":"2025-04-11T10:16:13Z","published":"2025-04-11T10:16:13Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20251201-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239618"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-8176"}],"related":["CVE-2024-8176"],"summary":"Security update for expat","upstream":["CVE-2024-8176"]}