libxml2-2.9.7-19.el8_10

エラータID: AXSA:2025-9748:04

リリース日: 
2025/03/13 Thursday - 21:50
題名: 
libxml2-2.9.7-19.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Use-After-Free in libxml2 (CVE-2024-56171)
* libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 (CVE-2025-24928)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-56171
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
CVE-2025-24928
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

解決策: 

Update packages.

CVE: 
CVE-2024-56171
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
CVE-2025-24928
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. libxml2-2.9.7-19.el8_10.src.rpm
    MD5: bca5345ebc4456403a2ce7444c18c5c1
    SHA-256: 1bf422a96152688b86db5b15dc15b0c45a1a23adfc4d087554116be5f4162e26
    Size: 5.23 MB

Asianux Server 8 for x86_64
  1. libxml2-2.9.7-19.el8_10.i686.rpm
    MD5: bde1b1c61ef2e5acbb12744e800c0230
    SHA-256: 5733d9750f50fa619e6518aa32f7edd432c109f52a83cdac91d10bcbd132b8c0
    Size: 740.51 kB
  2. libxml2-2.9.7-19.el8_10.x86_64.rpm
    MD5: eb36972da749376016175c142fc3b2ef
    SHA-256: 0eb9ae4488c868b41100ac9475e5b9fd1e4cf7313001f4e1654e76052d112054
    Size: 695.64 kB
  3. libxml2-devel-2.9.7-19.el8_10.i686.rpm
    MD5: f3c815bfc41c5ee7ea2d3bcead6a735e
    SHA-256: 0e1c0e9950e30a6bcb5b75b69185befa7ad1741cb7e93d02ffad67bac72fa222
    Size: 1.04 MB
  4. libxml2-devel-2.9.7-19.el8_10.x86_64.rpm
    MD5: f27f9394ac67975baebb06d6e3524262
    SHA-256: f9068872a79e865b496dce355afde3c693dd427fc715f87522d8b97c00bc95e2
    Size: 1.04 MB
  5. python3-libxml2-2.9.7-19.el8_10.x86_64.rpm
    MD5: 2ed40b6aeeeb597c2193927126c6134e
    SHA-256: d12e687cc11bf1966078788ce338dadaace4052100bd894ee830a2c0305d2bc7
    Size: 236.91 kB