Description
Security update for libxslt
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in the exsltFuncResultComp function that could cause a denial of service (bsc#1251979)
Package list
Container suse/sle-micro-rancher/5.2:latest
libxslt1-1.1.32-150000.3.28.1
SUSE Enterprise Storage 7.1
libxslt-devel-1.1.32-150000.3.28.1
libxslt-tools-1.1.32-150000.3.28.1
libxslt1-1.1.32-150000.3.28.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libxslt-devel-1.1.32-150000.3.28.1
libxslt-tools-1.1.32-150000.3.28.1
libxslt1-1.1.32-150000.3.28.1
SUSE Linux Enterprise Micro 5.1
libxslt1-1.1.32-150000.3.28.1
SUSE Linux Enterprise Micro 5.2
libxslt1-1.1.32-150000.3.28.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libxslt-devel-1.1.32-150000.3.28.1
libxslt-tools-1.1.32-150000.3.28.1
libxslt1-1.1.32-150000.3.28.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libxslt-devel-1.1.32-150000.3.28.1
libxslt-tools-1.1.32-150000.3.28.1
libxslt1-1.1.32-150000.3.28.1
openSUSE Leap 15.6
libxslt-python-1.1.32-150000.3.28.1
References
- Link for SUSE-SU-2025:3743-1
- E-Mail link for SUSE-SU-2025:3743-1
- SUSE Security Ratings
- SUSE Bug 1251979
- SUSE CVE CVE-2025-11731 page
Description
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
Affected products
Container suse/sle-micro-rancher/5.2:latest:libxslt1-1.1.32-150000.3.28.1
SUSE Enterprise Storage 7.1:libxslt-devel-1.1.32-150000.3.28.1
SUSE Enterprise Storage 7.1:libxslt-tools-1.1.32-150000.3.28.1
SUSE Enterprise Storage 7.1:libxslt1-1.1.32-150000.3.28.1
References
- CVE-2025-11731
- SUSE Bug 1251979