[CLSA-2026:1780564364] Fix CVE(s): CVE-2026-41080

Type:

security

Severity:

Low

Release date:

2026-06-04 09:13:00 UTC

Description:

   * SECURITY UPDATE: insufficient entropy in XML hash-flooding protection
     - debian/patches/CVE-2026-41080.patch: extract a full 16-byte hash salt
       and add XML_SetHashSalt16Bytes (backport of libexpat PR #1183).
     - CVE-2026-41080

CVEs fixed:

CVE-2026-41080

Updated packages:

expat_2.2.5-3ubuntu0.9+tuxcare.els7_amd64.deb
sha:36f610092736d3c1759a7d0c4d544f934b2483d9
libexpat1_2.2.5-3ubuntu0.9+tuxcare.els7_amd64.deb
sha:86be075691f1049f65b5dd0c58ebeb76669af1eb
libexpat1-dev_2.2.5-3ubuntu0.9+tuxcare.els7_amd64.deb
sha:4db96ca5018d8ffc13227275b5c06efdbfa6e9cf

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.