LFS Security Advisories for LFS 12.4.

LFS-12.4 was released on 2025-09-01.

This page is in alphabetical order of packages; where a package has multiple advisories, the newer ones come first.

The links at the end of each item point to fuller details which have links to the development books.

Expat

12.4 005 Expat (LFS) Date: 2025-09-30 Severity: High

In Expat-2.7.3, a security vulnerability was fixed that can allow for a denial of service (system out-of-memory condition) when parsing an XML document. The issue is known to be exploited easily and reliably. It was fixed by preventing the usage of disproportionate amounts of dynamic memory within an Expat parser context. All users are recommended to update to Expat-2.7.3 because of the number of places where Expat can be used, including contexts such as web browsers where untrusted input is processed. 12.4-005

OpenSSL

12.4 012 OpenSSL (LFS) Date: 2025-10-01 Severity: Medium

In OpenSSL-3.5.4, three security vulnerabilities were fixed that could allow for denial of service (application crashes), arbitrary code execution, and private key recovery on ARM64 platforms. Update to OpenSSL-3.5.4. 12.4-012