Описание
Security update for libxml2
This update for libxml2 fixes the following issues:
- CVE-2026-0989: Fixed call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving
<include>directives (bsc#1256805).
Список пакетов
openSUSE Leap 16.0
libxml2-2-2.13.8-160000.3.1
libxml2-devel-2.13.8-160000.3.1
libxml2-doc-2.13.8-160000.3.1
libxml2-tools-2.13.8-160000.3.1
python313-libxml2-2.13.8-160000.3.1
Ссылки
- SUSE Security Ratings
- SUSE Bug 1256805
- SUSE CVE CVE-2026-0989 page
Описание
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
Затронутые продукты
openSUSE Leap 16.0:libxml2-2-2.13.8-160000.3.1
openSUSE Leap 16.0:libxml2-devel-2.13.8-160000.3.1
openSUSE Leap 16.0:libxml2-doc-2.13.8-160000.3.1
openSUSE Leap 16.0:libxml2-tools-2.13.8-160000.3.1
Ссылки
- CVE-2026-0989
- SUSE Bug 1256804