SUSE-SU-2025:1438-1

Published: 02 May 2025
Source: suse-cvrf

Description

Security update for libxml2

This update for libxml2 fixes the following issues:

  • CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
  • CVE-2025-32415: Fixed a heap-based buffer under-read that may be triggered by a crafted XML document. (bsc#1241453)

Package list

Container bci/kiwi:latest
libxml2-devel-2.10.3-150500.5.26.1
libxml2-tools-2.10.3-150500.5.26.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libxml2-2-2.10.3-150500.5.26.1
Container suse/ltss/sle15.5/sle15:latest
libxml2-2-2.10.3-150500.5.26.1
Container suse/postgres:16
libxml2-2-2.10.3-150500.5.26.1
Container suse/sle-micro/5.5/toolbox:latest
libxml2-2-2.10.3-150500.5.26.1
Container suse/sle-micro/5.5:latest
libxml2-2-2.10.3-150500.5.26.1
Container suse/sle-micro/base-5.5:latest
libxml2-2-2.10.3-150500.5.26.1
Container suse/sle-micro/kvm-5.5:latest
libxml2-2-2.10.3-150500.5.26.1
Container suse/sle-micro/rt-5.5:latest
libxml2-2-2.10.3-150500.5.26.1
Container suse/sle15:15.6
libxml2-2-2.10.3-150500.5.26.1
SUSE Linux Enterprise Micro 5.5
libxml2-2-2.10.3-150500.5.26.1
libxml2-tools-2.10.3-150500.5.26.1
python3-libxml2-2.10.3-150500.5.26.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libxml2-2-2.10.3-150500.5.26.1
libxml2-2-32bit-2.10.3-150500.5.26.1
libxml2-devel-2.10.3-150500.5.26.1
libxml2-tools-2.10.3-150500.5.26.1
python3-libxml2-2.10.3-150500.5.26.1
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-libxml2-2.10.3-150500.5.26.1
openSUSE Leap 15.6
libxml2-2-2.10.3-150500.5.26.1
libxml2-2-32bit-2.10.3-150500.5.26.1
libxml2-devel-2.10.3-150500.5.26.1
libxml2-devel-32bit-2.10.3-150500.5.26.1
libxml2-doc-2.10.3-150500.5.26.1
libxml2-tools-2.10.3-150500.5.26.1
python3-libxml2-2.10.3-150500.5.26.1
python311-libxml2-2.10.3-150500.5.26.1

Description

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.


Affected products
Container bci/kiwi:latest:libxml2-devel-2.10.3-150500.5.26.1
Container bci/kiwi:latest:libxml2-tools-2.10.3-150500.5.26.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:libxml2-2-2.10.3-150500.5.26.1
Container suse/ltss/sle15.5/sle15:latest:libxml2-2-2.10.3-150500.5.26.1

References

Description

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.


Affected products
Container bci/kiwi:latest:libxml2-devel-2.10.3-150500.5.26.1
Container bci/kiwi:latest:libxml2-tools-2.10.3-150500.5.26.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:libxml2-2-2.10.3-150500.5.26.1
Container suse/ltss/sle15.5/sle15:latest:libxml2-2-2.10.3-150500.5.26.1

References
Vulnerability SUSE-SU-2025:1438-1