libxml2-2.9.1-6.6.0.3.el7.AXS7

エラータID: AXSA:2025-9971:06

Release date: 
Monday, June 2, 2025 - 16:23
Subject: 
libxml2-2.9.1-6.6.0.3.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation
to select sub nodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to an
URI library.

Security Fix(es):
* CVE-2025-32414: fix out-of-bounds memory access
* CVE-2025-32415: fix heap buffer overflow in xmlSchemaIDCFillNodeTables

CVE(s):
CVE-2025-32414
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
CVE-2025-32415
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Solution: 

Update packages.

CVEs: 
CVE-2025-32414
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
CVE-2025-32415
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. libxml2-2.9.1-6.6.0.3.el7.AXS7.i686.rpm
    MD5: 42de8d26c8af2e33a968c5cee51a5cfe
    SHA-256: bb49455cb45f30206ea653ab2973945a3674de5cff0c2d37fc50a1292356c803
    Size: 655.04 kB
  2. libxml2-2.9.1-6.6.0.3.el7.AXS7.x86_64.rpm
    MD5: 1f9603e3b68c7c8589f0fb70a5026a85
    SHA-256: e09c16cec7fb97591a32c817cf98fa5f2bb4b7e29222d27dbe3e340df80582e5
    Size: 668.50 kB
  3. libxml2-devel-2.9.1-6.6.0.3.el7.AXS7.i686.rpm
    MD5: 43bdd8bfd0fab885aa5b557804b88e74
    SHA-256: 076b259b71044878dfc75732deaccf2bc4a27a81577e03b6c085cb64f49bf019
    Size: 1.05 MB
  4. libxml2-devel-2.9.1-6.6.0.3.el7.AXS7.x86_64.rpm
    MD5: 2a80d5e0c28e5ce2ea00a0d969e6f647
    SHA-256: efe92e9488b63015c4ae6269caf1bbc7f6c9f3fc69a4f203e5adfddfb4566fef
    Size: 1.05 MB
  5. libxml2-python-2.9.1-6.6.0.3.el7.AXS7.x86_64.rpm
    MD5: f2ad920f10d975dffcb0eaf1b21a8e4e
    SHA-256: 7a8d9ae1c711a21981a5dadbadb27e051089ec7652d7cf7fce0da6c84aa1052b
    Size: 247.93 kB