Slackware Linux has issued updated expat packages for version 15.0 and current branches specifically to address multiple significant security issues. These patches address critical vulnerabilities involving NULL pointers and potential infinite loops within the processing functions.

expat (SSA:2026-077-01)

expat (SSA:2026-077-01)

expat (SSA:2026-077-01)

New expat packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/expat-2.7.5-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Fix NULL function pointer dereference for empty external parameter entities;
it takes use of both functions XML_ExternalEntityParserCreate and
XML_SetParamEntityParsing for an application to be vulnerable.
Protect from XML_TOK_INSTANCE_START infinite loop in function
entityValueProcessor; it takes use of both functions
XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an
application to be vulnerable.
Fix NULL dereference in function setContext on retry after an earlier
ouf-of-memory condition; it takes use of function XML_ParserCreateNS or
XML_ParserCreate_MM for an application to be vulnerable.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-32776
https://www.cve.org/CVERecord?id=CVE-2026-32777
https://www.cve.org/CVERecord?id=CVE-2026-32778
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.7.5-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.7.5-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.7.5-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.7.5-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
c86d353f2bec19c75d90d0c4736eaaf2 expat-2.7.5-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
3acb8cf368cc4fa7c989d84831b8f238 expat-2.7.5-x86_64-1_slack15.0.txz

Slackware -current package:
6635c49608492641a1965bac5f83d4cc l/expat-2.7.5-i686-1.txz

Slackware x86_64 -current package:
e6297cf40af8a1d895af22d10712be8b l/expat-2.7.5-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg expat-2.7.5-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key