Advisories » MGASA-2025-0073

Updated libxml2 packages fix security vulnerabilities

Publication date: 25 Feb 2025
Modification date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56171 , CVE-2025-24928 , CVE-2025-27113

Description

The updated packages fix security vulnerabilities:
Use-after-free in xmlSchemaIDCFillNodeTables. (CVE-2024-56171)
Stack-buffer-overflow in xmlSnprintfElements. (CVE-2025-24928)
Null-deref in xmlPatMatch. (CVE-2025-27113)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34037
• https://openwall.com/lists/oss-security/2025/02/18/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113

SRPMS

9/core

• libxml2-2.10.4-1.6.mga9