Описание
Security update for libxslt
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979)
- CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553)
Список пакетов
Container containers/open-webui:0
libxslt1-1.1.34-150400.3.13.1
Container private-registry/harbor-nginx:latest
libxslt1-1.1.34-150400.3.13.1
Container private-registry/harbor-portal:latest
libxslt1-1.1.34-150400.3.13.1
Container suse/nginx:latest
libxslt1-1.1.34-150400.3.13.1
Container suse/rmt-server:latest
libxslt1-1.1.34-150400.3.13.1
Container suse/sle-micro-rancher/5.3:latest
libxslt1-1.1.34-150400.3.13.1
Container suse/sle-micro-rancher/5.4:latest
libxslt1-1.1.34-150400.3.13.1
Container suse/sle-micro/5.5:latest
libxslt1-1.1.34-150400.3.13.1
SUSE Linux Enterprise Micro 5.3
libxslt1-1.1.34-150400.3.13.1
SUSE Linux Enterprise Micro 5.4
libxslt1-1.1.34-150400.3.13.1
SUSE Linux Enterprise Micro 5.5
libxslt1-1.1.34-150400.3.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libxslt-devel-1.1.34-150400.3.13.1
libxslt-tools-1.1.34-150400.3.13.1
libxslt1-1.1.34-150400.3.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libxslt-devel-1.1.34-150400.3.13.1
libxslt-tools-1.1.34-150400.3.13.1
libxslt1-1.1.34-150400.3.13.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
libxslt1-32bit-1.1.34-150400.3.13.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
libxslt1-32bit-1.1.34-150400.3.13.1
openSUSE Leap 15.6
libxslt-devel-1.1.34-150400.3.13.1
libxslt-devel-32bit-1.1.34-150400.3.13.1
libxslt-tools-1.1.34-150400.3.13.1
libxslt1-1.1.34-150400.3.13.1
libxslt1-32bit-1.1.34-150400.3.13.1
Ссылки
- Link for SUSE-SU-2025:3875-1
- E-Mail link for SUSE-SU-2025:3875-1
- SUSE Security Ratings
- SUSE Bug 1250553
- SUSE Bug 1251979
- SUSE CVE CVE-2025-10911 page
- SUSE CVE CVE-2025-11731 page
Описание
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
Затронутые продукты
Container containers/open-webui:0:libxslt1-1.1.34-150400.3.13.1
Container private-registry/harbor-nginx:latest:libxslt1-1.1.34-150400.3.13.1
Container private-registry/harbor-portal:latest:libxslt1-1.1.34-150400.3.13.1
Container suse/nginx:latest:libxslt1-1.1.34-150400.3.13.1
Ссылки
- CVE-2025-10911
- SUSE Bug 1250553
Описание
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
Затронутые продукты
Container containers/open-webui:0:libxslt1-1.1.34-150400.3.13.1
Container private-registry/harbor-nginx:latest:libxslt1-1.1.34-150400.3.13.1
Container private-registry/harbor-portal:latest:libxslt1-1.1.34-150400.3.13.1
Container suse/nginx:latest:libxslt1-1.1.34-150400.3.13.1
Ссылки
- CVE-2025-11731
- SUSE Bug 1251979