[CLSA-2026:1780663093] Fix CVE(s): CVE-2026-41080

Type:

security

Severity:

Low

Release date:

2026-06-05 12:38:42 UTC

Description:

   * SECURITY UPDATE: insufficient entropy in XML hash-flooding protection
     - debian/patches/CVE-2026-41080.patch: backport SipHash-2-4 keyed hashing
       with a 16-byte salt and add XML_SetHashSalt16Bytes (libexpat PR #1183).
     - CVE-2026-41080

CVEs fixed:

CVE-2026-41080

Updated packages:

expat_2.1.0-7ubuntu0.16.04.5+tuxcare.els10_amd64.deb
sha:46a621950cf3b1dd7aca525a19a560419b93f925
libexpat1_2.1.0-7ubuntu0.16.04.5+tuxcare.els10_amd64.deb
sha:3a5019df3f8e63740e1e5e2c5871c05b4be0bc8d
libexpat1-dev_2.1.0-7ubuntu0.16.04.5+tuxcare.els10_amd64.deb
sha:1ad8f794ae89548be83e794e7abf89ca5660b37c

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.