Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2026-0989: Fixed call stack exhaustion leading to application
crash due to RelaxNG parser not limiting the recursion depth when
resolving
<include>directives (bsc#1256805)
Список пакетов
Container suse/sle-micro-rancher/5.2:latest
libxml2-2-2.9.7-150000.3.91.1
Container suse/sle-micro/5.2/toolbox:latest
libxml2-2-2.9.7-150000.3.91.1
SUSE Linux Enterprise Micro 5.2
libxml2-2-2.9.7-150000.3.91.1
libxml2-tools-2.9.7-150000.3.91.1
python3-libxml2-python-2.9.7-150000.3.91.1
openSUSE Leap 15.6
python3-libxml2-python-2.9.7-150000.3.91.1
Ссылки
- Link for SUSE-SU-2026:0334-1
- E-Mail link for SUSE-SU-2026:0334-1
- SUSE Security Ratings
- SUSE Bug 1256805
- SUSE CVE CVE-2026-0989 page
Описание
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:libxml2-2-2.9.7-150000.3.91.1
Container suse/sle-micro/5.2/toolbox:latest:libxml2-2-2.9.7-150000.3.91.1
SUSE Linux Enterprise Micro 5.2:libxml2-2-2.9.7-150000.3.91.1
SUSE Linux Enterprise Micro 5.2:libxml2-tools-2.9.7-150000.3.91.1
Ссылки
- CVE-2026-0989
- SUSE Bug 1256804