Synopsis:          Moderate: expat security update
Advisory ID:       SLSA-2020:3952-1
Issue Date:        2020-10-01
CVE Numbers:       CVE-2018-20843
--

Security Fix(es):

* expat: large number of colons in input makes parser consume high amount
of resources, leading to DoS (CVE-2018-20843)

* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)
--

SL7
  x86_64
    expat-devel-2.1.0-12.el7.x86_64.rpm
    expat-2.1.0-12.el7.i686.rpm
    expat-devel-2.1.0-12.el7.i686.rpm
    expat-2.1.0-12.el7.x86_64.rpm
    expat-debuginfo-2.1.0-12.el7.i686.rpm
    expat-debuginfo-2.1.0-12.el7.x86_64.rpm
    expat-static-2.1.0-12.el7.i686.rpm
    expat-static-2.1.0-12.el7.x86_64.rpm

- Scientific Linux Development Team