[SECURITY] [DLA 4146-1] libxml2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4146-1] libxml2 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 30 Apr 2025 17:34:35 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2504301733350.18355@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4146-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 30, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libxml2
Version        : 2.9.10+dfsg-6.7+deb11u7
CVE ID         : CVE-2025-32414 CVE-2025-32415


Two issues have been found in libxml2, the GNOME XML library.

Thy are related to an out-of-bounds memory access in the Python API and aheap-buffer-overflow in xmlSchemaIDCFillNodeTables().



For Debian 11 bullseye, these problems have been fixed in version
2.9.10+dfsg-6.7+deb11u7.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmgSXytfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEctdw//c1oIXKadsEoW2jdtrZRUMjxiDlORp/n6xebhXmuIYjFJljzW9YOXDEbm
ju5IaqUOIinx0eVRbaRadPVPP4KiaHnYjuafJ3n/+c4Y+m+iSrtz7Wn/XYDomvfo
4UqR4j4s9FZwpS3nTw1drWJtn3sxjqSZzVWXMcw4M/y+YW57GbTEDPbXFjapOt+x
KalQzQJ0U1eTyrQJN/rsQWFCAQO827rPCgm7t0dbXJV5ovcm9p1T9Yb2jjlLQYQM
aIyffouF+6Cs8UP83DnaRUUBBNXO3AMS2mVFlna3wwfougwIdmdtaOqNw4e11dsb
j1XMcGE+rUv5h7VTk9Ats+60Lxkz1VA/igoPVN68ygw4Quz1nqnz6vZYljalQbia
6ShwXxaQ+wVhgLlBuAj+cB1I4dsjZlV+Hown3PMZe8oan/k45QDC4p711Mvp/p6z
K4zGvliEJ6wIa7aAV52Ww4MTaqJQDdDaMH5PRjVto5WU7NUjtL8ecQvtQRxi6Sbh
dvS2CDTVXXISv/8BnKXzzomnTART5MDfecSF6sBGr9FE2c7d6gl2XLHKVE6Lyqc4
72dCz3GR0ouWCkgMMlOJ/2klhpE5tTgo0OBeIk+ab4lrxx5o2bAFfNyCoDDov1ZP
PVkUE6sZrAbJnFqu4j7j7jceSsqZb9z+k8CqTT88mDanKIXMb/8=
=xTYX
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4145-1] expat security update
Next by Date: [SECURITY] [DLA 4144-1] qemu security update
Previous by thread: [SECURITY] [DLA 4145-1] expat security update
Next by thread: [SECURITY] [DLA 4144-1] qemu security update
Index(es):
- Date
- Thread