Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
Список пакетов
Container containers/open-webui:0
libxml2-2-2.10.3-150500.5.32.1
Container containers/pytorch:2-nvidia
libxml2-2-2.10.3-150500.5.32.1
Container private-registry/harbor-db:latest
libxml2-2-2.10.3-150500.5.32.1
Container private-registry/harbor-nginx:latest
libxml2-2-2.10.3-150500.5.32.1
Container private-registry/harbor-portal:latest
libxml2-2-2.10.3-150500.5.32.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libxml2-2-2.10.3-150500.5.32.1
Container suse/mariadb:10.11
libxml2-2-2.10.3-150500.5.32.1
Container suse/sle-micro/5.5/toolbox:latest
libxml2-2-2.10.3-150500.5.32.1
Container suse/sle-micro/5.5:latest
libxml2-2-2.10.3-150500.5.32.1
Container suse/sle-micro/base-5.5:latest
libxml2-2-2.10.3-150500.5.32.1
Container suse/sle-micro/kvm-5.5:latest
libxml2-2-2.10.3-150500.5.32.1
Container suse/sle-micro/rt-5.5:latest
libxml2-2-2.10.3-150500.5.32.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libxml2-2-2.10.3-150500.5.32.1
libxml2-2-32bit-2.10.3-150500.5.32.1
libxml2-devel-2.10.3-150500.5.32.1
libxml2-tools-2.10.3-150500.5.32.1
python3-libxml2-2.10.3-150500.5.32.1
python311-libxml2-2.10.3-150500.5.32.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libxml2-2-2.10.3-150500.5.32.1
libxml2-2-32bit-2.10.3-150500.5.32.1
libxml2-devel-2.10.3-150500.5.32.1
libxml2-tools-2.10.3-150500.5.32.1
python3-libxml2-2.10.3-150500.5.32.1
python311-libxml2-2.10.3-150500.5.32.1
SUSE Linux Enterprise Micro 5.5
libxml2-2-2.10.3-150500.5.32.1
libxml2-tools-2.10.3-150500.5.32.1
python3-libxml2-2.10.3-150500.5.32.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libxml2-2-2.10.3-150500.5.32.1
libxml2-2-32bit-2.10.3-150500.5.32.1
libxml2-devel-2.10.3-150500.5.32.1
libxml2-tools-2.10.3-150500.5.32.1
python3-libxml2-2.10.3-150500.5.32.1
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-libxml2-2.10.3-150500.5.32.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libxml2-2-2.10.3-150500.5.32.1
libxml2-2-32bit-2.10.3-150500.5.32.1
libxml2-devel-2.10.3-150500.5.32.1
libxml2-tools-2.10.3-150500.5.32.1
python3-libxml2-2.10.3-150500.5.32.1
python311-libxml2-2.10.3-150500.5.32.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libxml2-2-2.10.3-150500.5.32.1
libxml2-2-32bit-2.10.3-150500.5.32.1
libxml2-devel-2.10.3-150500.5.32.1
libxml2-tools-2.10.3-150500.5.32.1
python3-libxml2-2.10.3-150500.5.32.1
python311-libxml2-2.10.3-150500.5.32.1
openSUSE Leap 15.6
libxml2-2-2.10.3-150500.5.32.1
libxml2-2-32bit-2.10.3-150500.5.32.1
libxml2-devel-2.10.3-150500.5.32.1
libxml2-devel-32bit-2.10.3-150500.5.32.1
libxml2-doc-2.10.3-150500.5.32.1
libxml2-tools-2.10.3-150500.5.32.1
python3-libxml2-2.10.3-150500.5.32.1
python311-libxml2-2.10.3-150500.5.32.1
Ссылки
- Link for SUSE-SU-2025:02758-1
- E-Mail link for SUSE-SU-2025:02758-1
- SUSE Security Ratings
- SUSE Bug 1246296
- SUSE CVE CVE-2025-7425 page
Описание
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Затронутые продукты
Container containers/open-webui:0:libxml2-2-2.10.3-150500.5.32.1
Container containers/pytorch:2-nvidia:libxml2-2-2.10.3-150500.5.32.1
Container private-registry/harbor-db:latest:libxml2-2-2.10.3-150500.5.32.1
Container private-registry/harbor-nginx:latest:libxml2-2-2.10.3-150500.5.32.1
Ссылки
- CVE-2025-7425
- SUSE Bug 1246296