SUSE-SU-2025:1003-1

Published: 25 Mar 2025
Source: suse-cvrf

Description

Security update for libxslt

This update for libxslt fixes the following issues:

  • CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
  • CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
  • CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)

Package list

Container suse/sle-micro-rancher/5.2:latest
  • libxslt1-1.1.32-150000.3.17.1

SUSE Enterprise Storage 7.1
  • libxslt-devel-1.1.32-150000.3.17.1
  • libxslt-tools-1.1.32-150000.3.17.1
  • libxslt1-1.1.32-150000.3.17.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
  • libxslt-devel-1.1.32-150000.3.17.1
  • libxslt-tools-1.1.32-150000.3.17.1
  • libxslt1-1.1.32-150000.3.17.1

SUSE Linux Enterprise Micro 5.1
  • libxslt1-1.1.32-150000.3.17.1

SUSE Linux Enterprise Micro 5.2
  • libxslt1-1.1.32-150000.3.17.1

SUSE Linux Enterprise Server 15 SP3-LTSS
  • libxslt-devel-1.1.32-150000.3.17.1
  • libxslt-tools-1.1.32-150000.3.17.1
  • libxslt1-1.1.32-150000.3.17.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • libxslt-devel-1.1.32-150000.3.17.1
  • libxslt-tools-1.1.32-150000.3.17.1
  • libxslt1-1.1.32-150000.3.17.1

openSUSE Leap 15.6
  • libxslt-python-1.1.32-150000.3.17.1

Description

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.


Affected products
Container suse/sle-micro-rancher/5.2:latest:libxslt1-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt-devel-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt-tools-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt1-1.1.32-150000.3.17.1

Description

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.


Affected products
Container suse/sle-micro-rancher/5.2:latest:libxslt1-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt-devel-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt-tools-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt1-1.1.32-150000.3.17.1

Description

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.


Affected products
Container suse/sle-micro-rancher/5.2:latest:libxslt1-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt-devel-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt-tools-1.1.32-150000.3.17.1
SUSE Enterprise Storage 7.1:libxslt1-1.1.32-150000.3.17.1
