libxml2-2.9.7-21.el8_10.1
エラータID: AXSA:2025-10455:09
リリース日:
2025/07/14 Monday - 18:11
題名:
libxml2-2.9.7-21.el8_10.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libxml2 には、メモリ領域の解放後利用の問題があるため、リモート
の攻撃者により、データ破壊、およびサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2025-49794)
- libxml2 には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-49796)
- libxml2 には、スタックベースのバッファオーバーフローが発生する
問題があるため、リモートの攻撃者により、サービス拒否攻撃を可能と
する脆弱性が存在します。(CVE-2025-6021)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-49794
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the
CVE-2025-49796
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
追加情報:
N/A
ダウンロード:
SRPMS
- libxml2-2.9.7-21.el8_10.1.src.rpm
MD5: a8d5b7db6575814e0a887ba046374040
SHA-256: 65d9259fb7ec2c261e95bff318a80c3c1aed809261d41303a131ca3bb9915c96
Size: 5.23 MB
Asianux Server 8 for x86_64
- libxml2-2.9.7-21.el8_10.1.i686.rpm
MD5: a815dc0040f0da5b8f08c4d3fef3df06
SHA-256: a073632f4915d6cac39943270ecf57db7b3755e7d76a2d48a0f05fcd2bfef126
Size: 741.01 kB - libxml2-2.9.7-21.el8_10.1.x86_64.rpm
MD5: d93f87e361924e2640a146391cc00acf
SHA-256: 60ec59a011c4241d3ea9695252c445bf112771263ac5a8d021c19b9727230d0f
Size: 695.99 kB - libxml2-devel-2.9.7-21.el8_10.1.i686.rpm
MD5: 0e382671fb7fa8a84c1d86ced16e8b68
SHA-256: 0068d7412eb397c4bb73abde882fb60bc69361cb918c8bdce248c63cc0938606
Size: 1.04 MB - libxml2-devel-2.9.7-21.el8_10.1.x86_64.rpm
MD5: aca90d6ffdb339ef7c6999232f322faa
SHA-256: bfb7a0306e5db35fbbb5ef62d463cdfe5cec6a3599078addb680a9611bdf9c69
Size: 1.04 MB - python3-libxml2-2.9.7-21.el8_10.1.x86_64.rpm
MD5: 5cb391c51562cf2d9c12fb7d2e6371da
SHA-256: 0166af94aa9e84a249a6d0b62647d8d2f87bf460f29947d1b4130e1309a0c769
Size: 237.38 kB
English