libxslt-1.1.32-6.1.el8_10

エラータID: AXSA:2025-9833:02

Release date: 
Tuesday, April 8, 2025 - 11:15
Subject: 
libxslt-1.1.32-6.1.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

Security Fix(es):

* libxslt: Use-After-Free in libxslt numbers.c (CVE-2025-24855)
* libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) (CVE-2024-55549)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-55549
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
CVE-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Solution: 

Update packages.

CVEs: 
CVE-2024-55549
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
CVE-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxslt-1.1.32-6.1.el8_10.src.rpm
    MD5: 310469091f7568c5ea9716ec416df38d
    SHA-256: a1d9902a1a0b791f6d058a51d1b8bdd12a205a22b1b38c6f985a6410775b472a
    Size: 3.29 MB

Asianux Server 8 for x86_64
  1. libxslt-1.1.32-6.1.el8_10.i686.rpm
    MD5: 28ac70be877cca948be5c3356b96a7b0
    SHA-256: add7dea548fba404678f0ea8822d351ee2d557866479b52245edf09401958880
    Size: 261.69 kB
  2. libxslt-1.1.32-6.1.el8_10.x86_64.rpm
    MD5: d317fb444092d0c82574981c815ad39f
    SHA-256: 490f9aaa599312590783721cb4ade2af26baec76b2acecb3046543e33516b7ab
    Size: 248.60 kB
  3. libxslt-devel-1.1.32-6.1.el8_10.i686.rpm
    MD5: 3efc6f552f329bd81d8e638e68f83c89
    SHA-256: de261949771a5e8dd6924fa04b86bb505fab5a458f4493a778b7213d2d629d48
    Size: 321.77 kB
  4. libxslt-devel-1.1.32-6.1.el8_10.x86_64.rpm
    MD5: 6b2f3c93a8d1d048d6afe4455db1e7c0
    SHA-256: 30733b4c1cdd228690351fafbcd2646280d1eaf5261a2e7cb375db018f43285b
    Size: 321.76 kB