Fedora Linux 40 has been updated with security updates, featuring expat-2.7.0-1.fc40 and libxslt-1.1.43-1.fc40:

Fedora 40 Update: expat-2.7.0-1.fc40
Fedora 40 Update: libxslt-1.1.43-1.fc40

[SECURITY] Fedora 40 Update: expat-2.7.0-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d487e15b69
2025-03-26 01:26:07.260526+00:00
--------------------------------------------------------------------------------

Name : expat
Product : Fedora 40
Version : 2.7.0
Release : 1.fc40
URL : https://libexpat.github.io/
Summary : An XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.

--------------------------------------------------------------------------------
Update Information:

Rebase to 2.7.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 14 2025 Tomas Korbar [tkorbar@redhat.com] - 2.7.0-1
- Rebase to 2.7.0
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.6.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2352474 - expat-2.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2352474
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d487e15b69' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 40 Update: libxslt-1.1.43-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d4d7cfe35a
2025-03-26 01:26:07.260512+00:00
--------------------------------------------------------------------------------

Name : libxslt
Product : Fedora 40
Version : 1.1.43
Release : 1.fc40
URL : https://gitlab.gnome.org/GNOME/libxslt
Summary : Library providing the Gnome XSLT engine
Description :
This C library allows to transform XML files into other XML files
(or HTML, text, ...) using the standard XSLT stylesheet transformation
mechanism. To use it you need to have a version of libxml2 >= 2.6.27
installed. The xsltproc command is a command line interface to the XSLT engine

--------------------------------------------------------------------------------
Update Information:

1.1.43
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 12 2025 Gwyn Ciesla [gwync@protonmail.com] - 1.1.43-1
- 1.1.43
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.1.42-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Aug 6 2024 Tomas Popela [tpopela@redhat.com] - 1.1.42-3
- Only build python support on Fedora
* Thu Jul 18 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.1.42-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2351736 - libxslt-1.1.43 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2351736
[ 2 ] Bug #2352507 - CVE-2025-24855 libxslt: Use-After-Free in libxslt numbers.c [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2352507
[ 3 ] Bug #2352517 - CVE-2024-55549 libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2352517
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d4d7cfe35a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--