Описание
ELSA-2025-13464: libxml2 security update (IMPORTANT)
[2.9.1-6.0.9.6]
- Fix CVE-2025-7425: heap-use-after-free in xmlFreeID [Orabug: 38290330]
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
libxml2
2.9.1-6.0.9.el7_9.6
libxml2-devel
2.9.1-6.0.9.el7_9.6
libxml2-python
2.9.1-6.0.9.el7_9.6
libxml2-static
2.9.1-6.0.9.el7_9.6
Связанные CVE
Связанные уязвимости
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
A flaw was found in libxslt where the attribute type, atype, flags are ...
