it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5990-1] libxml2 security update

From: Aron Xu <aron AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5990-1] libxml2 security update
Date: Fri, 29 Aug 2025 07:24:45 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; dmarc=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
List-archive: https://lists.debian.org/msgid-search/E1urtTZ-003Lhb-0G AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=0D9tGzTFzsDF8WtTnNHrRYbjCjHPJdevuUxO8Tumu7I=; b=nT /mjZmx9JsxHoJYWFU53zyq1l71rx/X6/l3wUILMQ/Ux5imnjABCirhlMiDnJfarN/MVeOUJ2DZqEv XaPgkF/YnDCfor/y1HmJFTgHA+xZCRYL4vos/ANiEAyxnWW5cYzlW8mcT8O3gZAcglZg2gL1TIxPN vldiJZIWcLrOfuL+EOiY8rKZl8GMzQXC4CxM4L2+8FOFmQ2WOqiNfykE5Z0i81+AZCBq4+/nwhsJS PICYUVy/AaIgR3sVFyOhsn/xs4d2NSndZc5zz1/j5PTzQv+hA8bInvN2w3I1N5Q2GXnncgWTVgruj CtNsEsMu7wHq4UMeRRVhd/q7+Xvaoitg==;
Old-return-path: <aron AT seger.debian.org>
Priority: urgent
Resent-date: Fri, 29 Aug 2025 07:25:13 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <QAtkFGa23iO.A.CrdI.ZXVsoB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5990-1 security AT debian.org
https://www.debian.org/security/ Aron Xu
August 29, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxml2
CVE ID : CVE-2025-7425
Debian Bug : 1109122

A flaw was found in libxslt, the XSLT 1.0 processing library, where the
attribute type, atype, flags are modified in a way that corrupts internal
memory management. This is addressed by adding guards in libxml2, the
GNOME XML library, preventing the heap use-after-free from happening.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.9.14+dfsg-1.3~deb12u4.

For the stable distribution (trixie), this problem has been fixed in
version 2.12.7+dfsg+really2.9.14-2.1+deb13u1.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmixVKwACgkQNP8o68vM
TMii+gf/UOXKGTi+P/o1wdqqIsUrd7PWI6M7rs4+7w1rKi2o5BiwOf7BwZOGMN6c
XXucltuZ6LPfbzQxaGKGy3MWJBaNOqLilCPfiIUbM4LhQLGrkBLRDEyP/Pp+KXtH
NUkzPcoKoqxQLC9LNPzqtXni50NAqFbIlAja/aCBzVdWN9+Xdw607M5lhINZ8x50
o7oF3IWfeZcDrwtoTEu6o1TFvne1Enp3yUkphxR/w4AJ2y9yxZM0hASxWgcqZ/eN
7hoX6VnpzBeRbs2fos4e4LoyZhQxIp2uFhi4HkoOA5iLjG/R7dHlAFVJimMrprHZ
xobvNg4WOxWfLsC3xEpo189hLxfHbA==
=FcGH
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5990-1] libxml2 security update, Aron Xu, 29.08.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.