exploitDog

SUSE-SU-2025:0303-1

Опубликовано: 30 янв. 2025

Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following issues:

CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

Список пакетов

Container suse/ltss/sle15.3/bci-base:latest

libxml2-2-2.9.7-150000.3.73.1

Container suse/sle-micro-rancher/5.2:latest

libxml2-2-2.9.7-150000.3.73.1

Container suse/sle-micro/5.1/toolbox:latest

libxml2-2-2.9.7-150000.3.73.1

Container suse/sle-micro/5.2/toolbox:latest

libxml2-2-2.9.7-150000.3.73.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libxml2-2-2.9.7-150000.3.73.1

libxml2-tools-2.9.7-150000.3.73.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libxml2-2-2.9.7-150000.3.73.1

libxml2-tools-2.9.7-150000.3.73.1

SUSE Enterprise Storage 7.1

libxml2-2-2.9.7-150000.3.73.1

libxml2-2-32bit-2.9.7-150000.3.73.1

libxml2-devel-2.9.7-150000.3.73.1

libxml2-tools-2.9.7-150000.3.73.1

python3-libxml2-python-2.9.7-150000.3.73.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

libxml2-2-2.9.7-150000.3.73.1

libxml2-2-32bit-2.9.7-150000.3.73.1

libxml2-devel-2.9.7-150000.3.73.1

libxml2-tools-2.9.7-150000.3.73.1

python3-libxml2-python-2.9.7-150000.3.73.1

SUSE Linux Enterprise Micro 5.1

libxml2-2-2.9.7-150000.3.73.1

libxml2-tools-2.9.7-150000.3.73.1

SUSE Linux Enterprise Micro 5.2

libxml2-2-2.9.7-150000.3.73.1

libxml2-tools-2.9.7-150000.3.73.1

python3-libxml2-python-2.9.7-150000.3.73.1

SUSE Linux Enterprise Server 15 SP3-LTSS

libxml2-2-2.9.7-150000.3.73.1

libxml2-2-32bit-2.9.7-150000.3.73.1

libxml2-devel-2.9.7-150000.3.73.1

libxml2-tools-2.9.7-150000.3.73.1

python3-libxml2-python-2.9.7-150000.3.73.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

libxml2-2-2.9.7-150000.3.73.1

libxml2-2-32bit-2.9.7-150000.3.73.1

libxml2-devel-2.9.7-150000.3.73.1

libxml2-tools-2.9.7-150000.3.73.1

python3-libxml2-python-2.9.7-150000.3.73.1

openSUSE Leap 15.6

python3-libxml2-python-2.9.7-150000.3.73.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250303-1/
Link for SUSE-SU-2025:0303-1
https://lists.suse.com/pipermail/sle-security-updates/2025-January/020243.html
E-Mail link for SUSE-SU-2025:0303-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1236460
SUSE Bug 1236460
https://www.suse.com/security/cve/CVE-2022-49043/
SUSE CVE CVE-2022-49043 page

Описание

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

Затронутые продукты

Container suse/ltss/sle15.3/bci-base:latest:libxml2-2-2.9.7-150000.3.73.1

Container suse/sle-micro-rancher/5.2:latest:libxml2-2-2.9.7-150000.3.73.1

Container suse/sle-micro/5.1/toolbox:latest:libxml2-2-2.9.7-150000.3.73.1

Container suse/sle-micro/5.2/toolbox:latest:libxml2-2-2.9.7-150000.3.73.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-49043.html
CVE-2022-49043
https://bugzilla.suse.com/1236460
SUSE Bug 1236460

Уязвимость SUSE-SU-2025:0303-1