Description
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
Package list
Container bci/bci-sle15-kernel-module-devel:latest
libxml2-2-2.12.10-150700.4.6.1
Container bci/kiwi:latest
libxml2-2-2.12.10-150700.4.6.1
libxml2-devel-2.12.10-150700.4.6.1
libxml2-tools-2.12.10-150700.4.6.1
Container bci/php-apache:latest
libxml2-2-2.12.10-150700.4.6.1
Container bci/php-fpm:latest
libxml2-2-2.12.10-150700.4.6.1
Container bci/php:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/bind:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/kiosk/xorg:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/mariadb:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/nginx:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/pcp:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/postgres:16
libxml2-2-2.12.10-150700.4.6.1
Container suse/postgres:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/rmt-server:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/samba-client:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/samba-server:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/samba-toolbox:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/sle15:latest
libxml2-2-2.12.10-150700.4.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libxml2-2-2.12.10-150700.4.6.1
libxml2-2-32bit-2.12.10-150700.4.6.1
libxml2-devel-2.12.10-150700.4.6.1
libxml2-tools-2.12.10-150700.4.6.1
python3-libxml2-2.12.10-150700.4.6.1
SUSE Linux Enterprise Module for Python 3 15 SP7
python311-libxml2-2.12.10-150700.4.6.1
References
- Link for SUSE-SU-2025:02617-1
- E-Mail link for SUSE-SU-2025:02617-1
- SUSE Security Ratings
- SUSE Bug 1246296
- SUSE CVE CVE-2025-7425 page
Description
A flaw was found in libxslt where the attribute type (atype) flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Affected products
Container bci/bci-sle15-kernel-module-devel:latest:libxml2-2-2.12.10-150700.4.6.1
Container bci/kiwi:latest:libxml2-2-2.12.10-150700.4.6.1
Container bci/kiwi:latest:libxml2-devel-2.12.10-150700.4.6.1
Container bci/kiwi:latest:libxml2-tools-2.12.10-150700.4.6.1
References
- CVE-2025-7425
- SUSE Bug 1246296