SUSE-SU-2025:1439-1

Published: 02 May 2025
Source: suse-cvrf

Description

Security update for libxml2

This update for libxml2 fixes the following issues:

  • CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
  • CVE-2025-32415: Fixed a heap-based buffer under-read that a crafted XML document may trigger. (bsc#1241453)

Package list

Container suse/ltss/sle15.3/bci-base:latest
libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro-rancher/5.2:latest
libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro/5.1/toolbox:latest
libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro/5.2/toolbox:latest
libxml2-2-2.9.7-150000.3.79.1
SUSE Linux Enterprise Micro 5.1
libxml2-2-2.9.7-150000.3.79.1
libxml2-tools-2.9.7-150000.3.79.1
SUSE Linux Enterprise Micro 5.2
libxml2-2-2.9.7-150000.3.79.1
libxml2-tools-2.9.7-150000.3.79.1
python3-libxml2-python-2.9.7-150000.3.79.1
openSUSE Leap 15.6
python3-libxml2-python-2.9.7-150000.3.79.1

Description

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.


Affected products
Container suse/ltss/sle15.3/bci-base:latest:libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro-rancher/5.2:latest:libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro/5.1/toolbox:latest:libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro/5.2/toolbox:latest:libxml2-2-2.9.7-150000.3.79.1

References

Description

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.


Affected products
Container suse/ltss/sle15.3/bci-base:latest:libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro-rancher/5.2:latest:libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro/5.1/toolbox:latest:libxml2-2-2.9.7-150000.3.79.1
Container suse/sle-micro/5.2/toolbox:latest:libxml2-2-2.9.7-150000.3.79.1

References
Vulnerability SUSE-SU-2025:1439-1