SUSE-SU-2025:02355-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2025:02355-1

UNKNOWN

Security update for libxml2

Published Jul 17, 2025

Modified 7 months ago

Fix available

Details

This update for libxml2 fixes the following issues:

CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)

Affected Packages

libxml2

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Server 15 SP4-LTSS

Fixed in:

2.9.14-150400.5.44.1

libxml2-2

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Server 15 SP4-LTSS

Fixed in:

2.9.14-150400.5.44.1

libxml2-2-32bit

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Manager Proxy 4.3

Fixed in:

2.9.14-150400.5.44.1

libxml2-devel

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Manager Proxy 4.3

Fixed in:

2.9.14-150400.5.44.1

libxml2-python

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Server 15 SP4-LTSS

Fixed in:

2.9.14-150400.5.44.1

libxml2-tools

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Server 15 SP4-LTSS

Fixed in:

2.9.14-150400.5.44.1

python3-libxml2

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Server 15 SP4-LTSS

Fixed in:

2.9.14-150400.5.44.1

python311-libxml2

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4

Fixed in:

2.9.14-150400.5.44.1

References

https://bugzilla.suse.com/1244554

https://bugzilla.suse.com/1244557

https://bugzilla.suse.com/1244590

https://bugzilla.suse.com/1244700

https://www.suse.com/security/cve/CVE-2025-49794

https://www.suse.com/security/cve/CVE-2025-49796

https://www.suse.com/security/cve/CVE-2025-6021

https://www.suse.com/security/cve/CVE-2025-6170

https://www.suse.com/support/update/announcement/2025/suse-su-202502355-1/

Upstream

CVE-2025-49794 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170

Related

CVE-2025-49794 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170

Ecosystems(8)

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Server 15 SP4-LTSS

Timeline

PublishedJul 17, 2025

ModifiedJul 17, 2025