ALSA-2025:10630
- Source
- https://errata.almalinux.org/10/ALSA-2025-10630.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:10630.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2025:10630
- Related
- Published
- 2025-07-08T00:00:00Z
- Modified
- 2025-07-10T13:05:05Z
- Summary
- Important: libxml2 security update
- Details
-
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
- libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794)
- libxml: Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795)
- libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796)
- libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2025:10630
- https://access.redhat.com/security/cve/CVE-2025-49794
- https://access.redhat.com/security/cve/CVE-2025-49795
- https://access.redhat.com/security/cve/CVE-2025-49796
- https://access.redhat.com/security/cve/CVE-2025-6021
- https://bugzilla.redhat.com/2372373
- https://bugzilla.redhat.com/2372379
- https://bugzilla.redhat.com/2372385
- https://bugzilla.redhat.com/2372406
- https://errata.almalinux.org/10/ALSA-2025-10630.html
Affected packages
AlmaLinux:10 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:rpm/almalinux/libxml2
AlmaLinux:10 / libxml2-devel
Package
- Name
- libxml2-devel
- Purl
- pkg:rpm/almalinux/libxml2-devel
AlmaLinux:10 / libxml2-static
Package
- Name
- libxml2-static
- Purl
- pkg:rpm/almalinux/libxml2-static