Bug 35227 - expat new security issues CVE-2026-3277[6-8]
Summary: expat new security issues CVE-2026-3277[6-8]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-03-18 10:15 CET by Nicolas Salguero
Modified: 2026-03-20 22:17 CET (History)
3 users (show)

See Also:
Source RPM: expat-2.7.4-1.mga9.src.rpm
CVE: CVE-2026-32776, CVE-2026-32777, CVE-2026-32778
Status comment:
herman.viaene: test_passed_mga9_64+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2026-03-18 10:15:30 CET 
Reference: https://www.openwall.com/lists/oss-security/2026/03/17/10
Nicolas Salguero 2026-03-18 10:17:52 CET

Source RPM: (none) => expat-2.7.4-1.mga10.src.rpm, expat-2.7.4-1.mga9.src.rpm
CVE: (none) => CVE-2026-32776, CVE-2026-32777, CVE-2026-32778
Status comment: (none) => Fixed upstream in 2.7.5
Whiteboard: (none) => MGA9TOO
Flags: (none) => affects_mga9+

Comment 1 Nicolas Salguero 2026-03-18 10:22:53 CET 
For Cauldron, I asked for a freeze move.


Suggested advisory:
========================

The updated packages fix security vulnerabilities:

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776)

libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777)

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. (CVE-2026-32778)

References:
https://www.openwall.com/lists/oss-security/2026/03/17/10
========================

Updated packages in core/updates_testing:
========================
expat-2.7.5-1.mga9
lib(64)expat1-2.7.5-1.mga9
lib(64)expat-devel-2.7.5-1.mga9

from SRPM:
expat-2.7.5-1.mga9.src.rpm

Status: NEW => ASSIGNED
Source RPM: expat-2.7.4-1.mga10.src.rpm, expat-2.7.4-1.mga9.src.rpm => expat-2.7.4-1.mga9.src.rpm
Status comment: Fixed upstream in 2.7.5 => (none)
Flags: affects_mga9+ => (none)
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Assignee: bugsquad => qa-bugs

Comment 2 Herman Viaene 2026-03-18 15:21:09 CET 
MGA9-64 server Plasma Wayland on Compaq H000SB.
No installation issues.
Ref bug 35089 and followed instructions from wiki: https://wiki.mageia.org/en/QA_procedure:Expat
$ python testexpat.py
Tested OK
$ xmlwf /etc/xml/catalog
$ xmlwf /etc/passwd
/etc/passwd:1:16: not well-formed (invalid token)

So OK as before

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Flags: (none) => test_passed_mga9_64+

Comment 3 Thomas Andrews 2026-03-19 15:05:35 CET 
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

katnatek 2026-03-20 19:27:39 CET

Keywords: (none) => advisory

Comment 4 Mageia Robot 2026-03-20 22:17:47 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0061.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.