Security update for libxml2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0747-1 Final 1 1 2025-02-28T16:11:47Z current 2025-02-28T16:11:47Z 2025-02-28T16:11:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxml2 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/ltss/sle12.5/sles12sp5:latest-2025-747,Image SLES12-SP5-EC2-BYOS-2025-747,Image SLES12-SP5-EC2-On-Demand-2025-747,Image SLES12-SP5-EC2-SAP-BYOS-2025-747,Image SLES12-SP5-EC2-SAP-On-Demand-2025-747,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2025-747,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2025-747,SUSE-2025-747,SUSE-SLE-SERVER-12-SP5-LTSS-2025-747,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-747 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250747-1/ Link for SUSE-SU-2025:0747-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020468.html E-Mail link for SUSE-SU-2025:0747-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1237363 SUSE Bug 1237363 https://bugzilla.suse.com/1237370 SUSE Bug 1237370 https://bugzilla.suse.com/1237418 SUSE Bug 1237418 https://www.suse.com/security/cve/CVE-2024-56171/ SUSE CVE CVE-2024-56171 page https://www.suse.com/security/cve/CVE-2025-24928/ SUSE CVE CVE-2025-24928 page https://www.suse.com/security/cve/CVE-2025-27113/ SUSE CVE CVE-2025-27113 page Container suse/ltss/sle12.5/sles12sp5:latest Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxml2-2-2.9.4-46.81.1 libxml2-tools-2.9.4-46.81.1 libxml2-2-32bit-2.9.4-46.81.1 libxml2-2-64bit-2.9.4-46.81.1 libxml2-devel-2.9.4-46.81.1 libxml2-devel-32bit-2.9.4-46.81.1 libxml2-devel-64bit-2.9.4-46.81.1 libxml2-doc-2.9.4-46.81.1 python-libxml2-2.9.4-46.81.1 libxml2-2-2.9.4-46.81.1 as a component of Container suse/ltss/sle12.5/sles12sp5:latest libxml2-2-2.9.4-46.81.1 as a component of Image SLES12-SP5-EC2-BYOS libxml2-2-2.9.4-46.81.1 as a component of Image SLES12-SP5-EC2-On-Demand libxml2-2-2.9.4-46.81.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS libxml2-tools-2.9.4-46.81.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS libxml2-2-2.9.4-46.81.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libxml2-tools-2.9.4-46.81.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libxml2-2-2.9.4-46.81.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libxml2-tools-2.9.4-46.81.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libxml2-2-2.9.4-46.81.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libxml2-2-32bit-2.9.4-46.81.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libxml2-tools-2.9.4-46.81.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libxml2-2-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libxml2-2-32bit-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libxml2-devel-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libxml2-doc-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libxml2-tools-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python-libxml2-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libxml2-2-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxml2-2-32bit-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxml2-devel-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxml2-doc-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxml2-tools-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 python-libxml2-2.9.4-46.81.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. CVE-2024-56171 Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-BYOS:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-On-Demand:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-BYOS:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-BYOS:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-On-Demand:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-On-Demand:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-2-32bit-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-2-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-2-32bit-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-devel-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-doc-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python-libxml2-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-32bit-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-devel-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-doc-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-libxml2-2.9.4-46.81.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250747-1/ https://www.suse.com/security/cve/CVE-2024-56171.html CVE-2024-56171 https://bugzilla.suse.com/1237363 SUSE Bug 1237363 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. CVE-2025-24928 Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-BYOS:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-On-Demand:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-BYOS:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-BYOS:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-On-Demand:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-On-Demand:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-2-32bit-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-2-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-2-32bit-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-devel-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-doc-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python-libxml2-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-32bit-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-devel-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-doc-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-libxml2-2.9.4-46.81.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250747-1/ https://www.suse.com/security/cve/CVE-2025-24928.html CVE-2025-24928 https://bugzilla.suse.com/1237370 SUSE Bug 1237370 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. CVE-2025-27113 Container suse/ltss/sle12.5/sles12sp5:latest:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-BYOS:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-On-Demand:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-BYOS:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-BYOS:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-On-Demand:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-EC2-SAP-On-Demand:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libxml2-tools-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-2-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-2-32bit-2.9.4-46.81.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-2-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-2-32bit-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-devel-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-doc-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python-libxml2-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-2-32bit-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-devel-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-doc-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxml2-tools-2.9.4-46.81.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python-libxml2-2.9.4-46.81.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250747-1/ https://www.suse.com/security/cve/CVE-2025-27113.html CVE-2025-27113 https://bugzilla.suse.com/1237418 SUSE Bug 1237418