SUSE-SU-2025:02617-1

Published: 04 Aug 2025
Source: suse-cvrf

Description

Security update for libxml2

This update for libxml2 fixes the following issues:

  • CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)

Package list

Container bci/bci-sle15-kernel-module-devel:latest
libxml2-2-2.12.10-150700.4.6.1
Container bci/kiwi:latest
libxml2-2-2.12.10-150700.4.6.1
libxml2-devel-2.12.10-150700.4.6.1
libxml2-tools-2.12.10-150700.4.6.1
Container bci/php-apache:latest
libxml2-2-2.12.10-150700.4.6.1
Container bci/php-fpm:latest
libxml2-2-2.12.10-150700.4.6.1
Container bci/php:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/bind:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/kiosk/xorg:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/mariadb:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/nginx:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/pcp:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/postgres:16
libxml2-2-2.12.10-150700.4.6.1
Container suse/postgres:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/rmt-server:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/samba-client:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/samba-server:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/samba-toolbox:latest
libxml2-2-2.12.10-150700.4.6.1
Container suse/sle15:latest
libxml2-2-2.12.10-150700.4.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libxml2-2-2.12.10-150700.4.6.1
libxml2-2-32bit-2.12.10-150700.4.6.1
libxml2-devel-2.12.10-150700.4.6.1
libxml2-tools-2.12.10-150700.4.6.1
python3-libxml2-2.12.10-150700.4.6.1
SUSE Linux Enterprise Module for Python 3 15 SP7
python311-libxml2-2.12.10-150700.4.6.1

Description

A flaw was found in libxslt where the attribute type (atype) flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.


Affected products
Container bci/bci-sle15-kernel-module-devel:latest:libxml2-2-2.12.10-150700.4.6.1
Container bci/kiwi:latest:libxml2-2-2.12.10-150700.4.6.1
Container bci/kiwi:latest:libxml2-devel-2.12.10-150700.4.6.1
Container bci/kiwi:latest:libxml2-tools-2.12.10-150700.4.6.1

References