SynopsisThe remote Fedora host is missing a security update.
DescriptionThis update includes a fix for a security vulnerability, CVE_2018-20843 :
> Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks
For more information on the changes in 2.2.7, see the upstream release notes at:
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected expat package.