[CLSA-2025:1748282288] Fix CVE(s): CVE-2025-32414, CVE-2025-32415

Type:

security

Severity:

Important

Release date:

2025-05-26 17:58:12 UTC

Description:

   * SECURITY UPDATE: Out-of-bounds memory access in Python API bindings
     - debian/patches/CVE-2025-32414.patch: Limit character reads and reserve
       buffer space for UTF-8 encoding to prevent overflow
     - CVE-2025-32414
   * SECURITY UPDATE: Heap buffer under-read in XML schema validation
     - debian/patches/CVE-2025-32415.patch: Fix heap buffer overflow
       in xmlSchemaIDCFillNodeTables
     - CVE-2025-32415

Updated packages:

libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els9_amd64.deb
sha:170c7508853663777c948f2099dfd4579ea6f113
libxml2-dev_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els9_amd64.deb
sha:2f11e1d69374c6be5b2d05ee6b52155320c0d2e0
libxml2-doc_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els9_all.deb
sha:8c6030038b132968c2a52b37127ebad2513444d4
libxml2-utils_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els9_amd64.deb
sha:a9398b97f2ca84905ca94b72d916f742418159a8
python-libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els9_amd64.deb
sha:c995265f0a2a9c8ad31a0b56e8514d84362ac059

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.