Updated libxml2 packages fix security vulnerabilities
Publication date: 30 Jan 2026Modification date: 29 Jan 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8732 , CVE-2026-0989 , CVE-2026-0990 , CVE-2026-0992
Description
xmlcatalog xmlParseSGMLCatalog recursion. (CVE-2025-8732)
Unbounded relaxng include recursion leading to stack overflow.
(CVE-2026-0989)
Denial of service via uncontrolled recursion in xml catalog processing.
(CVE-2026-0990)
Denial of service via crafted xml catalogs. (CVE-2026-0992)
References
- https://bugs.mageia.org/show_bug.cgi?id=35058
- https://ubuntu.com/security/notices/USN-7974-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992
SRPMS
9/core
- libxml2-2.10.4-1.9.mga9