Updated libxslt packages fix security vulnerabilities
Publication date: 22 Mar 2025Modification date: 22 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-55549 , CVE-2025-24855
Description
xsltGetInheritedNsList in libxslt has a use-after-free issue related to
exclusion of result prefixes (CVE-2024-55549).
numbers.c in libxslt has a use-after-free because, in nested XPath
evaluations, an XPath context node can be modified but never restored.
This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate,
xsltEvalXPathStringNs, and xsltComputeSortResultInternal
(CVE-2025-24855).
References
SRPMS
9/core
- libxslt-1.1.38-1.1.mga9