Security update for libxml2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1435-1 Final 1 1 2025-05-02T10:39:17Z current 2025-05-02T10:39:17Z 2025-05-02T10:39:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxml2 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/ltss/sle15.4/bci-base:latest-2025-1435,Container suse/manager/4.3/proxy-httpd:latest-2025-1435,Container suse/manager/4.3/proxy-salt-broker:latest-2025-1435,Container suse/manager/4.3/proxy-squid:latest-2025-1435,Container suse/sle-micro-rancher/5.3:latest-2025-1435,Container suse/sle-micro-rancher/5.4:latest-2025-1435,Container suse/sle-micro/5.3/toolbox:latest-2025-1435,Container suse/sle-micro/5.4/toolbox:latest-2025-1435,SUSE-2025-1435,SUSE-SLE-Micro-5.3-2025-1435,SUSE-SLE-Micro-5.4-2025-1435 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251435-1/ Link for SUSE-SU-2025:1435-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039123.html E-Mail link for SUSE-SU-2025:1435-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1241453 SUSE Bug 1241453 https://bugzilla.suse.com/1241551 SUSE Bug 1241551 https://www.suse.com/security/cve/CVE-2025-32414/ SUSE CVE CVE-2025-32414 page https://www.suse.com/security/cve/CVE-2025-32415/ SUSE CVE CVE-2025-32415 page Container suse/ltss/sle15.4/bci-base:latest Container suse/manager/4.3/proxy-httpd:latest Container suse/manager/4.3/proxy-salt-broker:latest Container suse/manager/4.3/proxy-squid:latest Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Container suse/sle-micro/5.3/toolbox:latest Container suse/sle-micro/5.4/toolbox:latest SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 libxml2-2-2.9.14-150400.5.41.1 python3-libxml2-2.9.14-150400.5.41.1 libxml2-2-32bit-2.9.14-150400.5.41.1 libxml2-2-64bit-2.9.14-150400.5.41.1 libxml2-devel-2.9.14-150400.5.41.1 libxml2-devel-32bit-2.9.14-150400.5.41.1 libxml2-devel-64bit-2.9.14-150400.5.41.1 libxml2-doc-2.9.14-150400.5.41.1 libxml2-tools-2.9.14-150400.5.41.1 python311-libxml2-2.9.14-150400.5.41.1 libxml2-2-2.9.14-150400.5.41.1 as a component of Container suse/ltss/sle15.4/bci-base:latest libxml2-2-2.9.14-150400.5.41.1 as a component of Container suse/manager/4.3/proxy-httpd:latest python3-libxml2-2.9.14-150400.5.41.1 as a component of Container suse/manager/4.3/proxy-httpd:latest libxml2-2-2.9.14-150400.5.41.1 as a component of Container suse/manager/4.3/proxy-salt-broker:latest libxml2-2-2.9.14-150400.5.41.1 as a component of Container suse/manager/4.3/proxy-squid:latest libxml2-2-2.9.14-150400.5.41.1 as a component of Container suse/sle-micro-rancher/5.3:latest libxml2-2-2.9.14-150400.5.41.1 as a component of Container suse/sle-micro-rancher/5.4:latest libxml2-2-2.9.14-150400.5.41.1 as a component of Container suse/sle-micro/5.3/toolbox:latest libxml2-2-2.9.14-150400.5.41.1 as a component of Container suse/sle-micro/5.4/toolbox:latest libxml2-2-2.9.14-150400.5.41.1 as a component of SUSE Linux Enterprise Micro 5.3 libxml2-tools-2.9.14-150400.5.41.1 as a component of SUSE Linux Enterprise Micro 5.3 python3-libxml2-2.9.14-150400.5.41.1 as a component of SUSE Linux Enterprise Micro 5.3 libxml2-2-2.9.14-150400.5.41.1 as a component of SUSE Linux Enterprise Micro 5.4 libxml2-tools-2.9.14-150400.5.41.1 as a component of SUSE Linux Enterprise Micro 5.4 python3-libxml2-2.9.14-150400.5.41.1 as a component of SUSE Linux Enterprise Micro 5.4 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. CVE-2025-32414 Container suse/ltss/sle15.4/bci-base:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/manager/4.3/proxy-httpd:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/manager/4.3/proxy-httpd:latest:python3-libxml2-2.9.14-150400.5.41.1 Container suse/manager/4.3/proxy-salt-broker:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/manager/4.3/proxy-squid:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/sle-micro-rancher/5.3:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/sle-micro-rancher/5.4:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/sle-micro/5.3/toolbox:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/sle-micro/5.4/toolbox:latest:libxml2-2-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.3:libxml2-2-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.3:libxml2-tools-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.3:python3-libxml2-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.4:libxml2-2-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.4:libxml2-tools-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.4:python3-libxml2-2.9.14-150400.5.41.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251435-1/ https://www.suse.com/security/cve/CVE-2025-32414.html CVE-2025-32414 https://bugzilla.suse.com/1241551 SUSE Bug 1241551 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. CVE-2025-32415 Container suse/ltss/sle15.4/bci-base:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/manager/4.3/proxy-httpd:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/manager/4.3/proxy-httpd:latest:python3-libxml2-2.9.14-150400.5.41.1 Container suse/manager/4.3/proxy-salt-broker:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/manager/4.3/proxy-squid:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/sle-micro-rancher/5.3:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/sle-micro-rancher/5.4:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/sle-micro/5.3/toolbox:latest:libxml2-2-2.9.14-150400.5.41.1 Container suse/sle-micro/5.4/toolbox:latest:libxml2-2-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.3:libxml2-2-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.3:libxml2-tools-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.3:python3-libxml2-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.4:libxml2-2-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.4:libxml2-tools-2.9.14-150400.5.41.1 SUSE Linux Enterprise Micro 5.4:python3-libxml2-2.9.14-150400.5.41.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251435-1/ https://www.suse.com/security/cve/CVE-2025-32415.html CVE-2025-32415 https://bugzilla.suse.com/1241453 SUSE Bug 1241453