libxml2-2.9.13-14.el9_7

エラータID: AXSA:2025-11552:17

Release date: 
Thursday, December 18, 2025 - 16:03
Subject: 
libxml2-2.9.13-14.el9_7
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

Solution: 

Update packages.

CVEs: 
CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.13-14.el9_7.src.rpm
    MD5: 1365523f34970434daa55870d1bf7113
    SHA-256: 960f1a27f9ab3fa0bb8d4424defdac58f42a81316304435ee09be458142e4fe7
    Size: 3.14 MB

Asianux Server 9 for x86_64
  1. libxml2-2.9.13-14.el9_7.i686.rpm
    MD5: 6836bb8787b357bbaaffffebd2d25ae4
    SHA-256: 041aa62bbb12a2dd36866b40f3101c39fc291f21feaed01ed611b800e0248570
    Size: 784.13 kB
  2. libxml2-2.9.13-14.el9_7.x86_64.rpm
    MD5: c51c62692c6a0db8be69d7518a5c2b64
    SHA-256: 80fa92533eb27b7793f923553c6a0880ed1ff26c6527c947a79f55ab4cd0f719
    Size: 745.81 kB
  3. libxml2-devel-2.9.13-14.el9_7.i686.rpm
    MD5: 2cfd55939d3ec4e5c034983f8c5f0601
    SHA-256: 06530f9876df46de117838d54870214e9504d45b974f86d59a29df688dbf3d3a
    Size: 900.15 kB
  4. libxml2-devel-2.9.13-14.el9_7.x86_64.rpm
    MD5: bbffb57239cb97aa13bd72ce8e50b097
    SHA-256: 48cc6d4f574caef03b5a636c1d62a878a0ce073ded854673542a703416fb9e41
    Size: 900.23 kB
  5. python3-libxml2-2.9.13-14.el9_7.x86_64.rpm
    MD5: 6f6b5a487138808cbd686334ef4c9e45
    SHA-256: 2ffbc5a39052b7ed2c89debbcbf9cd3d99b6613c53aabdc532bfeebe319a9d2d
    Size: 224.83 kB