libxml2-2.9.13-10.el9_6

エラータID: AXSA:2025-10626:10

Release date: 
Tuesday, July 29, 2025 - 14:47
Subject: 
libxml2-2.9.13-10.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794)
* libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-49794
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
CVE-2025-49796
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Solution: 

Update packages.

CVEs: 
CVE-2025-49794
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
CVE-2025-49796
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.13-10.el9_6.src.rpm
    MD5: 5ea2fe5e4c814401187ad8c13c72a5ed
    SHA-256: 4061dbb3f3c4507dfeb1b88a3b1f05ef8e63712d113b0ca6ea4067888bd5af58
    Size: 3.13 MB

Asianux Server 9 for x86_64
  1. libxml2-2.9.13-10.el9_6.i686.rpm
    MD5: b6ca58df1d29bc5e927dd15c21908d80
    SHA-256: 2a945a938b23135aaac622bc4603ac5f48423b5159e83f2e8a3ef7c395ff7df1
    Size: 783.91 kB
  2. libxml2-2.9.13-10.el9_6.x86_64.rpm
    MD5: 4fd61a3e779d2ddd6ad79f3e687a7eac
    SHA-256: 59d5be1795d73a654af32abd87ebcb3237766eabf71b37ed3d6b0095734b0574
    Size: 746.21 kB
  3. libxml2-devel-2.9.13-10.el9_6.i686.rpm
    MD5: 7b0c78db43ec1eff9ca6fbc56b150c44
    SHA-256: ac86e9a16a75c55d551bd4ab01aa8186fb53c187420180057fbbb72b7b28b6c6
    Size: 899.35 kB
  4. libxml2-devel-2.9.13-10.el9_6.x86_64.rpm
    MD5: a9d9efeffa4020cbedb413286bb916d8
    SHA-256: 2043f44cf4ab83505ac51da934774d83c57a0586bd8b8633e586d12f67915374
    Size: 899.04 kB
  5. python3-libxml2-2.9.13-10.el9_6.x86_64.rpm
    MD5: 682a7d62e3c59980ae0c5f370b981e0f
    SHA-256: 741dd4c6a1265a8d98d3d0d3e67cd0f5226629170b19ad5b0f4f2b3e72c4b2e2
    Size: 224.53 kB