SUSE-SU-2025:02620-1

Published: 04 Aug 2025
Source: suse-cvrf

Description

Security update for libxml2

This update for libxml2 fixes the following issues:

  • CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)

Package list

Container suse/manager/4.3/proxy-httpd:latest
libxml2-2-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1
Container suse/manager/4.3/proxy-salt-broker:latest
libxml2-2-2.9.14-150400.5.47.1
Container suse/manager/4.3/proxy-squid:latest
libxml2-2-2.9.14-150400.5.47.1
Container suse/sle-micro-rancher/5.3:latest
libxml2-2-2.9.14-150400.5.47.1
Container suse/sle-micro-rancher/5.4:latest
libxml2-2-2.9.14-150400.5.47.1
Container suse/sle-micro/5.3/toolbox:latest
libxml2-2-2.9.14-150400.5.47.1
Container suse/sle-micro/5.4/toolbox:latest
libxml2-2-2.9.14-150400.5.47.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libxml2-2-2.9.14-150400.5.47.1
libxml2-2-32bit-2.9.14-150400.5.47.1
libxml2-devel-2.9.14-150400.5.47.1
libxml2-tools-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1
python311-libxml2-2.9.14-150400.5.47.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libxml2-2-2.9.14-150400.5.47.1
libxml2-2-32bit-2.9.14-150400.5.47.1
libxml2-devel-2.9.14-150400.5.47.1
libxml2-tools-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1
python311-libxml2-2.9.14-150400.5.47.1
SUSE Linux Enterprise Micro 5.3
libxml2-2-2.9.14-150400.5.47.1
libxml2-tools-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1
SUSE Linux Enterprise Micro 5.4
libxml2-2-2.9.14-150400.5.47.1
libxml2-tools-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libxml2-2-2.9.14-150400.5.47.1
libxml2-2-32bit-2.9.14-150400.5.47.1
libxml2-devel-2.9.14-150400.5.47.1
libxml2-tools-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1
python311-libxml2-2.9.14-150400.5.47.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libxml2-2-2.9.14-150400.5.47.1
libxml2-2-32bit-2.9.14-150400.5.47.1
libxml2-devel-2.9.14-150400.5.47.1
libxml2-tools-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1
python311-libxml2-2.9.14-150400.5.47.1
SUSE Manager Proxy LTS 4.3
libxml2-2-2.9.14-150400.5.47.1
libxml2-2-32bit-2.9.14-150400.5.47.1
libxml2-devel-2.9.14-150400.5.47.1
libxml2-tools-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1
SUSE Manager Server LTS 4.3
libxml2-2-2.9.14-150400.5.47.1
libxml2-2-32bit-2.9.14-150400.5.47.1
libxml2-devel-2.9.14-150400.5.47.1
libxml2-tools-2.9.14-150400.5.47.1
python3-libxml2-2.9.14-150400.5.47.1

Description

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.


Affected products
Container suse/manager/4.3/proxy-httpd:latest:libxml2-2-2.9.14-150400.5.47.1
Container suse/manager/4.3/proxy-httpd:latest:python3-libxml2-2.9.14-150400.5.47.1
Container suse/manager/4.3/proxy-salt-broker:latest:libxml2-2-2.9.14-150400.5.47.1
Container suse/manager/4.3/proxy-squid:latest:libxml2-2-2.9.14-150400.5.47.1

References
Vulnerability SUSE-SU-2025:02620-1