Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-BYOS
libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-On-Demand
libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-SAP-BYOS
libxml2-2-2.9.4-46.81.1
libxml2-tools-2.9.4-46.81.1
Image SLES12-SP5-EC2-SAP-On-Demand
libxml2-2-2.9.4-46.81.1
libxml2-tools-2.9.4-46.81.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libxml2-2-2.9.4-46.81.1
libxml2-tools-2.9.4-46.81.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libxml2-2-2.9.4-46.81.1
libxml2-2-32bit-2.9.4-46.81.1
libxml2-tools-2.9.4-46.81.1
SUSE Linux Enterprise Server 12 SP5-LTSS
libxml2-2-2.9.4-46.81.1
libxml2-2-32bit-2.9.4-46.81.1
libxml2-devel-2.9.4-46.81.1
libxml2-doc-2.9.4-46.81.1
libxml2-tools-2.9.4-46.81.1
python-libxml2-2.9.4-46.81.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libxml2-2-2.9.4-46.81.1
libxml2-2-32bit-2.9.4-46.81.1
libxml2-devel-2.9.4-46.81.1
libxml2-doc-2.9.4-46.81.1
libxml2-tools-2.9.4-46.81.1
python-libxml2-2.9.4-46.81.1
Ссылки
- Link for SUSE-SU-2025:0747-1
- E-Mail link for SUSE-SU-2025:0747-1
- SUSE Security Ratings
- SUSE Bug 1237363
- SUSE Bug 1237370
- SUSE Bug 1237418
- SUSE CVE CVE-2024-56171 page
- SUSE CVE CVE-2025-24928 page
- SUSE CVE CVE-2025-27113 page
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-BYOS:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-On-Demand:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-SAP-BYOS:libxml2-2-2.9.4-46.81.1
Ссылки
- CVE-2024-56171
- SUSE Bug 1237363
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-BYOS:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-On-Demand:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-SAP-BYOS:libxml2-2-2.9.4-46.81.1
Ссылки
- CVE-2025-24928
- SUSE Bug 1237370
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-BYOS:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-On-Demand:libxml2-2-2.9.4-46.81.1
Image SLES12-SP5-EC2-SAP-BYOS:libxml2-2-2.9.4-46.81.1
Ссылки
- CVE-2025-27113
- SUSE Bug 1237418