This update includes a fix for a security vulnerability, CVE_2018-20843:
Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks
For more information on the changes in 2.2.7, see the upstream release notes at: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5
sudo dnf upgrade --advisory=FEDORA-2019-18868e1715
Please login to add feedback.