[SECURITY] [DSA 5990-1] libxml2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5990-1                   security@debian.org
https://www.debian.org/security/                                  Aron Xu
August 29, 2025                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : libxml2
CVE ID         : CVE-2025-7425
Debian Bug     : 1109122

A flaw was found in libxslt, the XSLT 1.0 processing library, where the
attribute type, atype, flags are modified in a way that corrupts internal
memory management. This is addressed by adding guards in libxml2, the
GNOME XML library, preventing the heap use-after-free from happening.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.9.14+dfsg-1.3~deb12u4.

For the stable distribution (trixie), this problem has been fixed in
version 2.12.7+dfsg+really2.9.14-2.1+deb13u1.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----