exploitDog

RLSA-2025:10630

Опубликовано: 03 окт. 2025

Источник: rocky

Оценка: Important

Описание

Important: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794)
libxml: Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795)
libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796)
libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 10

Наименование	Архитектура	Релиз	RPM
libxml2	x86_64	7.el10_0	libxml2-2.12.5-7.el10_0.x86_64.rpm
python3-libxml2	x86_64	7.el10_0	python3-libxml2-2.12.5-7.el10_0.x86_64.rpm

Показывать по

Связанные CVE

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2372373
Red Hat - 2372373
https://bugzilla.redhat.com/show_bug.cgi?id=2372379
Red Hat - 2372379
https://bugzilla.redhat.com/show_bug.cgi?id=2372385
Red Hat - 2372385
https://bugzilla.redhat.com/show_bug.cgi?id=2372406
Red Hat - 2372406

Связанные уязвимости

ELSA-2025-10630

oracle-oval

3 месяца назад

ELSA-2025-10630: libxml2 security update (IMPORTANT)

SUSE-SU-2025:02314-1

suse-cvrf

3 месяца назад

Security update for libxml2

SUSE-SU-2025:02260-1

suse-cvrf

3 месяца назад

Security update for libxml2

RLSA-2025:10698

rocky

3 месяца назад

Important: libxml2 security update

ELSA-2025-10699

oracle-oval

3 месяца назад

ELSA-2025-10699: libxml2 security update (IMPORTANT)