Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
Список пакетов
Container suse/ltss/sle15.4/bci-base:latest
libxml2-2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-httpd:latest
libxml2-2-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-salt-broker:latest
libxml2-2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-squid:latest
libxml2-2-2.9.14-150400.5.38.1
Container suse/sle-micro-rancher/5.3:latest
libxml2-2-2.9.14-150400.5.38.1
Container suse/sle-micro-rancher/5.4:latest
libxml2-2-2.9.14-150400.5.38.1
Container suse/sle-micro/5.3/toolbox:latest
libxml2-2-2.9.14-150400.5.38.1
Container suse/sle-micro/5.4/toolbox:latest
libxml2-2-2.9.14-150400.5.38.1
Image SLES15-SP4-Micro-5-3
libxml2-2-2.9.14-150400.5.38.1
Image SLES15-SP4-Micro-5-3-BYOS
libxml2-2-2.9.14-150400.5.38.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
libxml2-2-2.9.14-150400.5.38.1
Image SLES15-SP4-Micro-5-3-EC2
libxml2-2-2.9.14-150400.5.38.1
Image SLES15-SP4-Micro-5-4
libxml2-2-2.9.14-150400.5.38.1
Image SLES15-SP4-Micro-5-4-BYOS
libxml2-2-2.9.14-150400.5.38.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
libxml2-2-2.9.14-150400.5.38.1
Image SLES15-SP4-Micro-5-4-EC2
libxml2-2-2.9.14-150400.5.38.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libxml2-2-2.9.14-150400.5.38.1
libxml2-2-32bit-2.9.14-150400.5.38.1
libxml2-devel-2.9.14-150400.5.38.1
libxml2-tools-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
python311-libxml2-2.9.14-150400.5.38.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libxml2-2-2.9.14-150400.5.38.1
libxml2-2-32bit-2.9.14-150400.5.38.1
libxml2-devel-2.9.14-150400.5.38.1
libxml2-tools-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
python311-libxml2-2.9.14-150400.5.38.1
SUSE Linux Enterprise Micro 5.3
libxml2-2-2.9.14-150400.5.38.1
libxml2-tools-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
SUSE Linux Enterprise Micro 5.4
libxml2-2-2.9.14-150400.5.38.1
libxml2-tools-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libxml2-2-2.9.14-150400.5.38.1
libxml2-2-32bit-2.9.14-150400.5.38.1
libxml2-devel-2.9.14-150400.5.38.1
libxml2-tools-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
python311-libxml2-2.9.14-150400.5.38.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libxml2-2-2.9.14-150400.5.38.1
libxml2-2-32bit-2.9.14-150400.5.38.1
libxml2-devel-2.9.14-150400.5.38.1
libxml2-tools-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
python311-libxml2-2.9.14-150400.5.38.1
SUSE Manager Proxy 4.3
libxml2-2-2.9.14-150400.5.38.1
libxml2-2-32bit-2.9.14-150400.5.38.1
libxml2-devel-2.9.14-150400.5.38.1
libxml2-tools-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
SUSE Manager Server 4.3
libxml2-2-2.9.14-150400.5.38.1
libxml2-2-32bit-2.9.14-150400.5.38.1
libxml2-devel-2.9.14-150400.5.38.1
libxml2-tools-2.9.14-150400.5.38.1
python3-libxml2-2.9.14-150400.5.38.1
Ссылки
- Link for SUSE-SU-2025:0748-1
- E-Mail link for SUSE-SU-2025:0748-1
- SUSE Security Ratings
- SUSE Bug 1237363
- SUSE Bug 1237370
- SUSE Bug 1237418
- SUSE CVE CVE-2024-56171 page
- SUSE CVE CVE-2025-24928 page
- SUSE CVE CVE-2025-27113 page
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Затронутые продукты
Container suse/ltss/sle15.4/bci-base:latest:libxml2-2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-httpd:latest:libxml2-2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-httpd:latest:python3-libxml2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-salt-broker:latest:libxml2-2-2.9.14-150400.5.38.1
Ссылки
- CVE-2024-56171
- SUSE Bug 1237363
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Затронутые продукты
Container suse/ltss/sle15.4/bci-base:latest:libxml2-2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-httpd:latest:libxml2-2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-httpd:latest:python3-libxml2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-salt-broker:latest:libxml2-2-2.9.14-150400.5.38.1
Ссылки
- CVE-2025-24928
- SUSE Bug 1237370
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
Затронутые продукты
Container suse/ltss/sle15.4/bci-base:latest:libxml2-2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-httpd:latest:libxml2-2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-httpd:latest:python3-libxml2-2.9.14-150400.5.38.1
Container suse/manager/4.3/proxy-salt-broker:latest:libxml2-2-2.9.14-150400.5.38.1
Ссылки
- CVE-2025-27113
- SUSE Bug 1237418