Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0391-1

Опубликовано: 05 фев. 2026
Источник: suse-cvrf

Описание

Security update for libxml2

This update for libxml2 fixes the following issues:

  • CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving <include> directives (bsc#1256805)

Список пакетов

Container suse/sle-micro/base-5.5:latest
libxml2-2-2.10.3-150500.5.35.1
Container suse/sle-micro/kvm-5.5:latest
libxml2-2-2.10.3-150500.5.35.1
SUSE Linux Enterprise Micro 5.5
libxml2-2-2.10.3-150500.5.35.1
libxml2-tools-2.10.3-150500.5.35.1
python3-libxml2-2.10.3-150500.5.35.1
openSUSE Leap 15.6
libxml2-2-2.10.3-150500.5.35.1
libxml2-2-32bit-2.10.3-150500.5.35.1
libxml2-devel-2.10.3-150500.5.35.1
libxml2-devel-32bit-2.10.3-150500.5.35.1
libxml2-doc-2.10.3-150500.5.35.1
libxml2-tools-2.10.3-150500.5.35.1
python3-libxml2-2.10.3-150500.5.35.1
python311-libxml2-2.10.3-150500.5.35.1

Ссылки

Описание

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Затронутые продукты
Container suse/sle-micro/base-5.5:latest:libxml2-2-2.10.3-150500.5.35.1
Container suse/sle-micro/kvm-5.5:latest:libxml2-2-2.10.3-150500.5.35.1
SUSE Linux Enterprise Micro 5.5:libxml2-2-2.10.3-150500.5.35.1
SUSE Linux Enterprise Micro 5.5:libxml2-tools-2.10.3-150500.5.35.1
Ссылки