Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363).
- CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418).
Список пакетов
Container suse/ltss/sle15.3/bci-base:latest
libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro-rancher/5.2:latest
libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro/5.1/toolbox:latest
libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro/5.2/toolbox:latest
libxml2-2-2.9.7-150000.3.76.1
SUSE Enterprise Storage 7.1
libxml2-2-2.9.7-150000.3.76.1
libxml2-2-32bit-2.9.7-150000.3.76.1
libxml2-devel-2.9.7-150000.3.76.1
libxml2-tools-2.9.7-150000.3.76.1
python3-libxml2-python-2.9.7-150000.3.76.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libxml2-2-2.9.7-150000.3.76.1
libxml2-2-32bit-2.9.7-150000.3.76.1
libxml2-devel-2.9.7-150000.3.76.1
libxml2-tools-2.9.7-150000.3.76.1
python3-libxml2-python-2.9.7-150000.3.76.1
SUSE Linux Enterprise Micro 5.1
libxml2-2-2.9.7-150000.3.76.1
libxml2-tools-2.9.7-150000.3.76.1
SUSE Linux Enterprise Micro 5.2
libxml2-2-2.9.7-150000.3.76.1
libxml2-tools-2.9.7-150000.3.76.1
python3-libxml2-python-2.9.7-150000.3.76.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libxml2-2-2.9.7-150000.3.76.1
libxml2-2-32bit-2.9.7-150000.3.76.1
libxml2-devel-2.9.7-150000.3.76.1
libxml2-tools-2.9.7-150000.3.76.1
python3-libxml2-python-2.9.7-150000.3.76.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libxml2-2-2.9.7-150000.3.76.1
libxml2-2-32bit-2.9.7-150000.3.76.1
libxml2-devel-2.9.7-150000.3.76.1
libxml2-tools-2.9.7-150000.3.76.1
python3-libxml2-python-2.9.7-150000.3.76.1
openSUSE Leap 15.6
python3-libxml2-python-2.9.7-150000.3.76.1
Ссылки
- Link for SUSE-SU-2025:0976-1
- E-Mail link for SUSE-SU-2025:0976-1
- SUSE Security Ratings
- SUSE Bug 1237363
- SUSE Bug 1237370
- SUSE Bug 1237418
- SUSE CVE CVE-2024-56171 page
- SUSE CVE CVE-2025-24928 page
- SUSE CVE CVE-2025-27113 page
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Затронутые продукты
Container suse/ltss/sle15.3/bci-base:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro-rancher/5.2:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro/5.1/toolbox:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro/5.2/toolbox:latest:libxml2-2-2.9.7-150000.3.76.1
Ссылки
- CVE-2024-56171
- SUSE Bug 1237363
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Затронутые продукты
Container suse/ltss/sle15.3/bci-base:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro-rancher/5.2:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro/5.1/toolbox:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro/5.2/toolbox:latest:libxml2-2-2.9.7-150000.3.76.1
Ссылки
- CVE-2025-24928
- SUSE Bug 1237370
Описание
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
Затронутые продукты
Container suse/ltss/sle15.3/bci-base:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro-rancher/5.2:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro/5.1/toolbox:latest:libxml2-2-2.9.7-150000.3.76.1
Container suse/sle-micro/5.2/toolbox:latest:libxml2-2-2.9.7-150000.3.76.1
Ссылки
- CVE-2025-27113
- SUSE Bug 1237418