Security update for libxml2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20418-1 Final 1 1 2025-06-13T10:50:10Z current 2025-06-13T10:50:10Z 2025-06-13T10:50:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxml2 This update for libxml2 fixes the following issues: - CVE-2024-40896: Fixed XXE vulnerability (bsc#1234812) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-147 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520418-1/ Link for SUSE-SU-2025:20418-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040397.html E-Mail link for SUSE-SU-2025:20418-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1234812 SUSE Bug 1234812 https://www.suse.com/security/cve/CVE-2024-40896/ SUSE CVE CVE-2024-40896 page SUSE Linux Micro 6.1 libxml2-2-2.11.6-slfo.1.1_5.1 libxml2-tools-2.11.6-slfo.1.1_5.1 libxml2-2-2.11.6-slfo.1.1_5.1 as a component of SUSE Linux Micro 6.1 libxml2-tools-2.11.6-slfo.1.1_5.1 as a component of SUSE Linux Micro 6.1 In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. CVE-2024-40896 SUSE Linux Micro 6.1:libxml2-2-2.11.6-slfo.1.1_5.1 SUSE Linux Micro 6.1:libxml2-tools-2.11.6-slfo.1.1_5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520418-1/ https://www.suse.com/security/cve/CVE-2024-40896.html CVE-2024-40896 https://bugzilla.suse.com/1234812 SUSE Bug 1234812