Security update for libxslt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1003-1 Final 1 1 2025-03-25T08:42:08Z current 2025-03-25T08:42:08Z 2025-03-25T08:42:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxslt This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2025-1003,SUSE-2025-1003,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1003,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1003,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1003,SUSE-SUSE-MicroOS-5.1-2025-1003,SUSE-SUSE-MicroOS-5.2-2025-1003,SUSE-Storage-7.1-2025-1003,openSUSE-SLE-15.6-2025-1003 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251003-1/ Link for SUSE-SU-2025:1003-1 https://lists.suse.com/pipermail/sle-security-updates/2025-March/020595.html E-Mail link for SUSE-SU-2025:1003-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1238591 SUSE Bug 1238591 https://bugzilla.suse.com/1239625 SUSE Bug 1239625 https://bugzilla.suse.com/1239637 SUSE Bug 1239637 https://www.suse.com/security/cve/CVE-2023-40403/ SUSE CVE CVE-2023-40403 page https://www.suse.com/security/cve/CVE-2024-55549/ SUSE CVE CVE-2024-55549 page https://www.suse.com/security/cve/CVE-2025-24855/ SUSE CVE CVE-2025-24855 page Container suse/sle-micro-rancher/5.2:latest SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 openSUSE Leap 15.6 libxslt1-1.1.32-150000.3.17.1 libxslt-devel-1.1.32-150000.3.17.1 libxslt-devel-32bit-1.1.32-150000.3.17.1 libxslt-devel-64bit-1.1.32-150000.3.17.1 libxslt-python-1.1.32-150000.3.17.1 libxslt-tools-1.1.32-150000.3.17.1 libxslt1-32bit-1.1.32-150000.3.17.1 libxslt1-64bit-1.1.32-150000.3.17.1 libxslt1-1.1.32-150000.3.17.1 as a component of Container suse/sle-micro-rancher/5.2:latest libxslt-devel-1.1.32-150000.3.17.1 as a component of SUSE Enterprise Storage 7.1 libxslt-tools-1.1.32-150000.3.17.1 as a component of SUSE Enterprise Storage 7.1 libxslt1-1.1.32-150000.3.17.1 as a component of SUSE Enterprise Storage 7.1 libxslt-devel-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libxslt-tools-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libxslt1-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libxslt1-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise Micro 5.1 libxslt1-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise Micro 5.2 libxslt-devel-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libxslt-tools-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libxslt1-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libxslt-devel-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libxslt-tools-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libxslt1-1.1.32-150000.3.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libxslt-python-1.1.32-150000.3.17.1 as a component of openSUSE Leap 15.6 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. CVE-2023-40403 Container suse/sle-micro-rancher/5.2:latest:libxslt1-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt-devel-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt-tools-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Micro 5.1:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Micro 5.2:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt1-1.1.32-150000.3.17.1 openSUSE Leap 15.6:libxslt-python-1.1.32-150000.3.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251003-1/ https://www.suse.com/security/cve/CVE-2023-40403.html CVE-2023-40403 https://bugzilla.suse.com/1238591 SUSE Bug 1238591 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 Container suse/sle-micro-rancher/5.2:latest:libxslt1-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt-devel-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt-tools-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Micro 5.1:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Micro 5.2:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt1-1.1.32-150000.3.17.1 openSUSE Leap 15.6:libxslt-python-1.1.32-150000.3.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251003-1/ https://www.suse.com/security/cve/CVE-2024-55549.html CVE-2024-55549 https://bugzilla.suse.com/1239637 SUSE Bug 1239637 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. CVE-2025-24855 Container suse/sle-micro-rancher/5.2:latest:libxslt1-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt-devel-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt-tools-1.1.32-150000.3.17.1 SUSE Enterprise Storage 7.1:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Micro 5.1:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Micro 5.2:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libxslt1-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt-devel-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt-tools-1.1.32-150000.3.17.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxslt1-1.1.32-150000.3.17.1 openSUSE Leap 15.6:libxslt-python-1.1.32-150000.3.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251003-1/ https://www.suse.com/security/cve/CVE-2025-24855.html CVE-2025-24855 https://bugzilla.suse.com/1239625 SUSE Bug 1239625