[CLSA-2025:1753729667] Fix CVE(s): CVE-2025-49794, CVE-2025-49796

Type:

security

Severity:

Critical

Release date:

2025-07-28 19:07:52 UTC

Description:

   * SECURITY UPDATE: memory vulnerabilities in schematron
     - debian/patches/CVE-2025-49794_CVE-2025-49796.patch: fix memory safety
       issues in xmlSchematronReportOutput when parsing XPath elements and
       memory corruption issue triggered by processing sch:name elements
       in input XML file
     - CVE-2025-49794
     - CVE-2025-49796

Updated packages:

libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els10_amd64.deb
sha:9db7d340beec12f1b2bbefeba68c4ebac175d1b9
libxml2-dev_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els10_amd64.deb
sha:a0e05e2ea1af743d07960002cf62cba352ccdc90
libxml2-doc_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els10_all.deb
sha:ab25475db36899d4e749bc5d3d04d2cddb4155bb
libxml2-utils_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els10_amd64.deb
sha:f57e9df1f7dec3d4ba84f72ea897b5a0d6299306
python-libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els10_amd64.deb
sha:cc90078c37e2e51396f087d0e6263a3edf5fa481

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.