Description
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a heap-based buffer under-read that a crafted XML document may trigger. (bsc#1241453)
Package list
Container suse/ltss/sle12.5/sles12sp5:latest
libxml2-2-2.9.4-46.84.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libxml2-2-2.9.4-46.84.1
libxml2-2-32bit-2.9.4-46.84.1
libxml2-devel-2.9.4-46.84.1
libxml2-doc-2.9.4-46.84.1
libxml2-tools-2.9.4-46.84.1
python-libxml2-2.9.4-46.84.1
References
- Link for SUSE-SU-2025:1440-1
- E-Mail link for SUSE-SU-2025:1440-1
- SUSE Security Ratings
- SUSE Bug 1241453
- SUSE Bug 1241551
- SUSE CVE CVE-2025-32414 page
- SUSE CVE CVE-2025-32415 page
Description
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.84.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-2.9.4-46.84.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-32bit-2.9.4-46.84.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-devel-2.9.4-46.84.1
References
- CVE-2025-32414
- SUSE Bug 1241551
Description
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.84.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-2.9.4-46.84.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-32bit-2.9.4-46.84.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-devel-2.9.4-46.84.1
References
- CVE-2025-32415
- SUSE Bug 1241453