Description
Security update for libxslt
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure when processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
Package list
Container suse/nginx:latest
libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro-rancher/5.3:latest
libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro-rancher/5.4:latest
libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro/5.5:latest
libxslt1-1.1.34-150400.3.6.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
libxslt1-1.1.34-150400.3.6.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libxslt1-1.1.34-150400.3.6.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libxslt1-1.1.34-150400.3.6.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise Micro 5.3
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise Micro 5.4
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise Micro 5.5
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
libxslt1-32bit-1.1.34-150400.3.6.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Manager Proxy 4.3
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
SUSE Manager Server 4.3
libxslt-devel-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
openSUSE Leap 15.6
libxslt-devel-1.1.34-150400.3.6.1
libxslt-devel-32bit-1.1.34-150400.3.6.1
libxslt-tools-1.1.34-150400.3.6.1
libxslt1-1.1.34-150400.3.6.1
libxslt1-32bit-1.1.34-150400.3.6.1
References
- Link for SUSE-SU-2025:1125-1
- E-Mail link for SUSE-SU-2025:1125-1
- SUSE Security Ratings
- SUSE Bug 1238591
- SUSE Bug 1239625
- SUSE Bug 1239637
- SUSE CVE CVE-2023-40403 page
- SUSE CVE CVE-2024-55549 page
- SUSE CVE CVE-2025-24855 page
Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.
Affected products
Container suse/nginx:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro-rancher/5.3:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro-rancher/5.4:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro/5.5:latest:libxslt1-1.1.34-150400.3.6.1
References
- CVE-2023-40403
- SUSE Bug 1238591
Description
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
Affected products
Container suse/nginx:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro-rancher/5.3:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro-rancher/5.4:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro/5.5:latest:libxslt1-1.1.34-150400.3.6.1
References
- CVE-2024-55549
- SUSE Bug 1239637
Description
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Affected products
Container suse/nginx:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro-rancher/5.3:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro-rancher/5.4:latest:libxslt1-1.1.34-150400.3.6.1
Container suse/sle-micro/5.5:latest:libxslt1-1.1.34-150400.3.6.1
References
- CVE-2025-24855
- SUSE Bug 1239625