libxml2-2.9.13-6.el9_5.2

エラータID: AXSA:2025-9745:03

リリース日: 
2025/03/13 Thursday - 21:28
題名: 
libxml2-2.9.13-6.el9_5.2
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Use-After-Free in libxml2 (CVE-2024-56171)
* libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 (CVE-2025-24928)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-56171
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
CVE-2025-24928
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

解決策: 

Update packages.

CVE: 
CVE-2024-56171
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
CVE-2025-24928
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. libxml2-2.9.13-6.el9_5.2.src.rpm
    MD5: 11e27781fd5b69874f77305fe8260dd1
    SHA-256: a982b98d955cf0dc8c410319c37a8ca20ba6bcfe75089a9c0d0820844f3e0921
    Size: 3.13 MB

Asianux Server 9 for x86_64
  1. libxml2-2.9.13-6.el9_5.2.i686.rpm
    MD5: 09fedd482acb07a3d3bdf4dbb789baf8
    SHA-256: 7476bab4c4fa3c88fa3f044ef3d7b28cfcfd94a3950c42d205f8f46dba9e3ca9
    Size: 784.06 kB
  2. libxml2-2.9.13-6.el9_5.2.x86_64.rpm
    MD5: 1619cd02cade9a90a29ba4906036e024
    SHA-256: 90dccc5a6b83074f8ef323596384807f03ae0284967934a2fb352fc83828b0b9
    Size: 746.34 kB
  3. libxml2-devel-2.9.13-6.el9_5.2.i686.rpm
    MD5: 5d50f52eec0a1fc878586fe6616eaa1c
    SHA-256: bd8cafb3feaf76f566c6778db904f0acbfbfd09be9b64e9ff0306ec7cbf42f61
    Size: 899.59 kB
  4. libxml2-devel-2.9.13-6.el9_5.2.x86_64.rpm
    MD5: af0b119264b59812da27b3c78ee2f3d9
    SHA-256: aaf13e662bb5b2afee6e647e30ef28832f47bf633931607692ee8378e47ad824
    Size: 899.48 kB
  5. python3-libxml2-2.9.13-6.el9_5.2.x86_64.rpm
    MD5: 08448573dfac20959e10128c9ec77751
    SHA-256: 78cfd5ee1f6f5eff6cabf4dc604f1faf0dd03e9168fb138b9bbe3ad1ce35027b
    Size: 224.63 kB