Description
Security update for libxslt
This update for libxslt fixes the following issues:
- CVE-2025-24855: Fixed use-after-free of XPath context node (bsc#1239625)
- CVE-2024-55549: Fixed use-after-free related to excluded namespaces (bsc#1239637)
Package list
SUSE Linux Enterprise Server 12 SP5-LTSS
libxslt-devel-1.1.28-17.18.1
libxslt-tools-1.1.28-17.18.1
libxslt1-1.1.28-17.18.1
libxslt1-32bit-1.1.28-17.18.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libxslt-devel-1.1.28-17.18.1
libxslt-tools-1.1.28-17.18.1
libxslt1-1.1.28-17.18.1
libxslt1-32bit-1.1.28-17.18.1
References
- Link for SUSE-SU-2025:1494-1
- E-Mail link for SUSE-SU-2025:1494-1
- SUSE Security Ratings
- SUSE Bug 1239625
- SUSE Bug 1239637
- SUSE CVE CVE-2024-55549 page
- SUSE CVE CVE-2025-24855 page
Description
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
Affected products
SUSE Linux Enterprise Server 12 SP5-LTSS:libxslt-devel-1.1.28-17.18.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libxslt-tools-1.1.28-17.18.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libxslt1-1.1.28-17.18.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libxslt1-32bit-1.1.28-17.18.1
References
- CVE-2024-55549
- SUSE Bug 1239637
Description
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Affected products
SUSE Linux Enterprise Server 12 SP5-LTSS:libxslt-devel-1.1.28-17.18.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libxslt-tools-1.1.28-17.18.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libxslt1-1.1.28-17.18.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libxslt1-32bit-1.1.28-17.18.1
References
- CVE-2025-24855
- SUSE Bug 1239625