This update includes a fix for a security vulnerability, CVE-2018-20843:
Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks
For more information on the changes in 2.2.7, see the upstream release notes at: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes#L5
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2019-139fcda84d
Please login to add feedback.