Opened 7 months ago

Closed 7 months ago

#21855 closed enhancement (fixed)

libxml2-2.14.5

Reported by: Bruce Dubbs
Owned by: Douglas R. Reno
Priority: high
Milestone: 12.4
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Joe Locash, 7 months ago

Priority: normal → elevated

This release contains security updates. Not many details are made clear, but these CVEs should be fixed:

  • CVE-2025-6170: Stack-based Buffer Overflow in xmllint Shell - shell.c
  • CVE-2025-49796: Type confusion leads to Denial of service (DoS)
  • CVE-2025-49795: Null pointer dereference leads to Denial of service (DoS)
  • CVE-2025-49794: Heap use after free (UAF) leads to Denial of service (DoS)

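As an added example, not part of this ticket, of BLFS, or of libxml2 itself: a POSIX sh check that compares an installed libxml2 version string against 2.14.5, the release this ticket tracks as carrying the fixes listed above. The function names (version_ge, libxml2_status, installed_libxml2_version) and the constant FIXED_VERSION are this example's own; it assumes the version string comes from `pkg-config --modversion libxml-2.0` or `xml2-config --version`. It deliberately compares only against 2.14.5: the ticket does not name a fixed 2.13 version, so a 2.13 install that carries the backported BLFS patch still reports "affected" here, because the version string alone cannot show that a patch was applied.

```shell
#!/bin/sh
# Added example; not code from the BLFS ticket or from libxml2.
# Compares a libxml2 version string against the first upstream release
# with the fixes for CVE-2025-6170, CVE-2025-49794, CVE-2025-49795 and
# CVE-2025-49796 named in the ticket. Caveat: a 2.13.x install with the
# backported patch from comment 4 is NOT recognised by version alone.

FIXED_VERSION="2.14.5"   # assumption: first fixed release per this ticket

# version_ge A B: return 0 if A >= B, comparing dotted numeric fields.
# Missing fields count as 0 (2.14 == 2.14.0); a non-numeric suffix on a
# field (e.g. "5-rc1") is ignored and only its numeric prefix compared.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# libxml2_status VERSION: print "fixed" or "affected"; exit 0 only if fixed.
libxml2_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo fixed
        return 0
    fi
    echo affected
    return 1
}

# Query the installed copy; falls back to xml2-config when pkg-config is
# missing. Fails (non-zero) if neither tool is available.
installed_libxml2_version() {
    pkg-config --modversion libxml-2.0 2>/dev/null \
        || xml2-config --version 2>/dev/null
}

# Constructed sample version strings, to show the comparison offline.
for v in 2.9.14 2.13.8 2.14.4 2.14.5 2.15.0; do
    printf '%-8s %s\n' "$v" "$(libxml2_status "$v")"
done

# Report on the real installation when one of the query tools exists.
v=$(installed_libxml2_version) \
    && printf 'installed %s: %s\n' "$v" "$(libxml2_status "$v")"
```

Run it with no arguments; the last line appears only if pkg-config or xml2-config can see a libxml2. For a 2.13 system patched per comment 4, verify the patch through your package records (or the BLFS advisory SA-12.3-073) rather than trusting this version comparison.
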
comment:2 by Douglas R. Reno, 7 months ago

Priority: elevated → high

CVE-2025-49796 and CVE-2025-49794 were rated as Critical, as they appear to allow attackers to place data in memory at given locations, and they can thus be used for code execution.

comment:3 by Douglas R. Reno, 7 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:4 by Douglas R. Reno, 7 months ago

I've got this done locally now and also created a patch for libxml2-2.13, backporting from upstream's 2.13 branch.

comment:5 by Douglas R. Reno, 7 months ago

Resolution: fixed
Status: assigned → closed

Fixed at 5bb9b054dfd185613b4304f7a9fb2d84fac1cc66

SA-12.3-073 issued