Описание
ELSA-2025-22376: libxml2 security update (MODERATE)
[2.9.13-14]
- Rebuilt for the correct target in RHEL (9.7-z) (RHEL-119283)
[2.9.13-13]
- Fix CVE-2025-9714 (RHEL-119283)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
libxml2
2.9.13-14.el9_7
libxml2-devel
2.9.13-14.el9_7
python3-libxml2
2.9.13-14.el9_7
Oracle Linux x86_64
libxml2
2.9.13-14.el9_7
libxml2-devel
2.9.13-14.el9_7
python3-libxml2
2.9.13-14.el9_7
Связанные CVE
Связанные уязвимости
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.
Uncontrolled recursion inXPath evaluationin libxml2 up to and includin ...
