网安资讯详情 - SecLens 情报雷达

ALINUX4-SA-2026:0241

来源： alibaba_cloud_linux_advisory · 发布时间 2026-05-28 18:05 (UTC+08:00) · 抓取时间 2026-05-28 20:00 (UTC+08:00)

原文链接

摘要

Package updates are available for Alibaba Cloud Linux 4 that fix the following vulnerabilities: CVE-2026-45186: A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service. **Solution**: 请您尽快将升级到修复后的版本。修复命令如下： yum update --advisory ALINUX4-SA-2026:0241 **Affected Products**: Alinux 4

正文

Package updates are available for Alibaba Cloud Linux 4 that fix the following vulnerabilities: CVE-2026-45186: A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service.

标签

• cve:cve-2026-45186
• severity:important
• type:advisory
• vendor:alibaba

扩展字段

{
  "advisory_id": "ALINUX4-SA-2026:0241",
  "affected_products": [
    "Alinux 4"
  ],
  "cve_ids": [
    "CVE-2026-45186"
  ],
  "raw_pub_date": "Thu, 28 May 2026 18:05:42 +0800",
  "solution": "请您尽快将升级到修复后的版本。修复命令如下：\nyum update --advisory ALINUX4-SA-2026:0241"
}