Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2026-0989: Fixed call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving
<include>directives (bsc#1256805).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libxml2-2-2.9.4-46.96.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libxml2-2-2.9.4-46.96.1
libxml2-2-32bit-2.9.4-46.96.1
libxml2-devel-2.9.4-46.96.1
libxml2-doc-2.9.4-46.96.1
libxml2-tools-2.9.4-46.96.1
python-libxml2-2.9.4-46.96.1
Ссылки
- Link for SUSE-SU-2026:0336-1
- E-Mail link for SUSE-SU-2026:0336-1
- SUSE Security Ratings
- SUSE Bug 1256805
- SUSE CVE CVE-2026-0989 page
Описание
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.96.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-2.9.4-46.96.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-32bit-2.9.4-46.96.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-devel-2.9.4-46.96.1
Ссылки
- CVE-2026-0989
- SUSE Bug 1256804