Updated libxml2 & libxslt packages fix security vulnerabilities
Publication date: 09 Nov 2025
Modification date: 09 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-49794, CVE-2025-49795, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170, CVE-2025-7424, CVE-2025-7425
Description
Heap use after free (UAF) leads to Denial of service (DoS). (CVE-2025-49794)
Null pointer dereference leads to Denial of service (DoS). (CVE-2025-49795)
Type confusion leads to Denial of service (DoS). (CVE-2025-49796)
Integer Overflow Leading to Buffer Overflow in xmlBuildQName(). (CVE-2025-6021)
Stack-based Buffer Overflow in xmllint Shell. (CVE-2025-6170)
Type confusion in xmlNode.psvi between stylesheet and source nodes. (CVE-2025-7424)
Heap-use-after-free in xmlFreeID caused by `atype` corruption. (CVE-2025-7425)
References
- https://bugs.mageia.org/show_bug.cgi?id=34378
- https://www.openwall.com/lists/oss-security/2025/06/16/6
- https://www.openwall.com/lists/oss-security/2025/07/11/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7424
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7425
SRPMS
9/core
- libxml2-2.10.4-1.8.mga9
- libxslt-1.1.38-1.2.mga9