SUSE-SU-2025:0746-1

Опубликовано: 28 фев. 2025

Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following issues:

CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363).
CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).

Список пакетов

Container bci/bci-sle15-kernel-module-devel:latest

libxml2-2-2.10.3-150500.5.23.1

Container bci/kiwi:latest

libxml2-2-2.10.3-150500.5.23.1

libxml2-devel-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

Container bci/php-apache:latest

libxml2-2-2.10.3-150500.5.23.1

Container bci/php-fpm:latest

libxml2-2-2.10.3-150500.5.23.1

Container bci/php:latest

libxml2-2-2.10.3-150500.5.23.1

Container bci/spack:latest

libxml2-2-2.10.3-150500.5.23.1

Container containers/apache-tomcat:10.1-openjdk11

libxml2-2-2.10.3-150500.5.23.1

Container containers/apache-tomcat:10.1-openjdk17

libxml2-2-2.10.3-150500.5.23.1

Container containers/apache-tomcat:10.1-openjdk21

libxml2-2-2.10.3-150500.5.23.1

Container containers/apache-tomcat:9-openjdk11

libxml2-2-2.10.3-150500.5.23.1

Container containers/apache-tomcat:9-openjdk17

libxml2-2-2.10.3-150500.5.23.1

Container containers/apache-tomcat:9-openjdk21

libxml2-2-2.10.3-150500.5.23.1

Container containers/apache-tomcat:9-openjdk8

libxml2-2-2.10.3-150500.5.23.1

Container containers/open-webui:0

libxml2-2-2.10.3-150500.5.23.1

Container containers/pytorch:2-nvidia

libxml2-2-2.10.3-150500.5.23.1

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/ltss/sle15.5/sle15:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/mariadb:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/nginx:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/pcp:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/postgres:16

libxml2-2-2.10.3-150500.5.23.1

Container suse/postgres:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/rmt-server:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/sle-micro/5.5/toolbox:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/sle-micro/5.5:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/sle-micro/base-5.5:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/sle-micro/kvm-5.5:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/sle-micro/rt-5.5:latest

libxml2-2-2.10.3-150500.5.23.1

Container suse/sle15:15.6

libxml2-2-2.10.3-150500.5.23.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS

libxml2-2-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure

libxml2-2-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

Image SLES15-SP5-Manager-Server-5-0

libxml2-2-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

libxml2-2-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

libxml2-2-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

Image SLES15-SP5-Manager-Server-5-0-BYOS

libxml2-2-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure

libxml2-2-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

Image SLES15-SP6-CHOST-BYOS

libxml2-2-2.10.3-150500.5.23.1

Image SLES15-SP6-CHOST-BYOS-Azure

libxml2-2-2.10.3-150500.5.23.1

Image SLES15-SP6-CHOST-BYOS-EC2

libxml2-2-2.10.3-150500.5.23.1

Image SLES15-SP6-CHOST-BYOS-GCE

libxml2-2-2.10.3-150500.5.23.1

Image SLES15-SP6-CHOST-BYOS-GDC

libxml2-2-2.10.3-150500.5.23.1

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

libxml2-2-2.10.3-150500.5.23.1

Image ai_15_6

libxml2-2-2.10.3-150500.5.23.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

libxml2-2-2.10.3-150500.5.23.1

libxml2-2-32bit-2.10.3-150500.5.23.1

libxml2-devel-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

python3-libxml2-2.10.3-150500.5.23.1

python311-libxml2-2.10.3-150500.5.23.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

libxml2-2-2.10.3-150500.5.23.1

libxml2-2-32bit-2.10.3-150500.5.23.1

libxml2-devel-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

python3-libxml2-2.10.3-150500.5.23.1

python311-libxml2-2.10.3-150500.5.23.1

SUSE Linux Enterprise Micro 5.5

libxml2-2-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

python3-libxml2-2.10.3-150500.5.23.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

libxml2-2-2.10.3-150500.5.23.1

libxml2-2-32bit-2.10.3-150500.5.23.1

libxml2-devel-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

python3-libxml2-2.10.3-150500.5.23.1

SUSE Linux Enterprise Module for Python 3 15 SP6

python311-libxml2-2.10.3-150500.5.23.1

SUSE Linux Enterprise Server 15 SP5-LTSS

libxml2-2-2.10.3-150500.5.23.1

libxml2-2-32bit-2.10.3-150500.5.23.1

libxml2-devel-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

python3-libxml2-2.10.3-150500.5.23.1

python311-libxml2-2.10.3-150500.5.23.1

SUSE Linux Enterprise Server for SAP Applications 15 SP5

libxml2-2-2.10.3-150500.5.23.1

libxml2-2-32bit-2.10.3-150500.5.23.1

libxml2-devel-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

python3-libxml2-2.10.3-150500.5.23.1

python311-libxml2-2.10.3-150500.5.23.1

openSUSE Leap 15.6

libxml2-2-2.10.3-150500.5.23.1

libxml2-2-32bit-2.10.3-150500.5.23.1

libxml2-devel-2.10.3-150500.5.23.1

libxml2-devel-32bit-2.10.3-150500.5.23.1

libxml2-doc-2.10.3-150500.5.23.1

libxml2-tools-2.10.3-150500.5.23.1

python3-libxml2-2.10.3-150500.5.23.1

python311-libxml2-2.10.3-150500.5.23.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250746-1/
Link for SUSE-SU-2025:0746-1
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020469.html
E-Mail link for SUSE-SU-2025:0746-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1237363
SUSE Bug 1237363
https://bugzilla.suse.com/1237370
SUSE Bug 1237370
https://bugzilla.suse.com/1237418
SUSE Bug 1237418
https://www.suse.com/security/cve/CVE-2024-56171/
SUSE CVE CVE-2024-56171 page
https://www.suse.com/security/cve/CVE-2025-24928/
SUSE CVE CVE-2025-24928 page
https://www.suse.com/security/cve/CVE-2025-27113/
SUSE CVE CVE-2025-27113 page

Описание

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:libxml2-2-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-2-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-devel-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-tools-2.10.3-150500.5.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-56171.html
CVE-2024-56171
https://bugzilla.suse.com/1237363
SUSE Bug 1237363

Описание

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:libxml2-2-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-2-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-devel-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-tools-2.10.3-150500.5.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-24928.html
CVE-2025-24928
https://bugzilla.suse.com/1237370
SUSE Bug 1237370

Описание

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:libxml2-2-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-2-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-devel-2.10.3-150500.5.23.1

Container bci/kiwi:latest:libxml2-tools-2.10.3-150500.5.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-27113.html
CVE-2025-27113
https://bugzilla.suse.com/1237418
SUSE Bug 1237418

SUSE-SU-2025:0746-1

Описание

Список пакетов

Container bci/bci-sle15-kernel-module-devel:latest

Container bci/kiwi:latest

Container bci/php-apache:latest

Container bci/php-fpm:latest

Container bci/php:latest

Container bci/spack:latest

Container containers/apache-tomcat:10.1-openjdk11

Container containers/apache-tomcat:10.1-openjdk17

Container containers/apache-tomcat:10.1-openjdk21

Container containers/apache-tomcat:9-openjdk11

Container containers/apache-tomcat:9-openjdk17

Container containers/apache-tomcat:9-openjdk21

Container containers/apache-tomcat:9-openjdk8

Container containers/open-webui:0

Container containers/pytorch:2-nvidia

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

Container suse/ltss/sle15.5/sle15:latest

Container suse/mariadb:latest

Container suse/nginx:latest

Container suse/pcp:latest

Container suse/postgres:16

Container suse/postgres:latest

Container suse/rmt-server:latest

Container suse/sle-micro/5.5/toolbox:latest

Container suse/sle-micro/5.5:latest

Container suse/sle-micro/base-5.5:latest

Container suse/sle-micro/kvm-5.5:latest

Container suse/sle-micro/rt-5.5:latest

Container suse/sle15:15.6

Image SLES15-SP5-Manager-Proxy-5-0-BYOS

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure

Image SLES15-SP5-Manager-Server-5-0

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

Image SLES15-SP5-Manager-Server-5-0-BYOS

Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure

Image SLES15-SP6-CHOST-BYOS

Image SLES15-SP6-CHOST-BYOS-Azure

Image SLES15-SP6-CHOST-BYOS-EC2

Image SLES15-SP6-CHOST-BYOS-GCE

Image SLES15-SP6-CHOST-BYOS-GDC

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

Image ai_15_6

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

SUSE Linux Enterprise Micro 5.5

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Python 3 15 SP6

SUSE Linux Enterprise Server 15 SP5-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-56171

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-24928

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-27113

Описание

Затронутые продукты

Ссылки