CLSA-2025-1741286239

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1741286239.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2025-1741286239

Upstream

CVE-2022-49043

CVE-2024-34459

CVE-2024-56171

CVE-2025-24928

CVE-2025-27113

Published

2025-03-06T18:37:24Z

Modified

2026-06-04T10:03:13.313824144Z

Summary

Fix of 5 CVEs

Details

SECURITY UPDATE: buffer over-read in xmlHTMLPrintFileContext
- debian/patches/CVE-2024-34459.patch: Fix buffer overread with xmllint --htmlout by adding a missing bounds check
- CVE-2024-34459
SECURITY UPDATE: use-after-free vulnerability in xinclude.c
- debian/patches/CVE-2022-49043.patch: Fix use-after-free in xmlXIncludeAddNode, free URI after reporting the error to avoid use-after-free
- CVE-2022-49043
SECURITY UPDATE: stack-based buffer overflow in xmlSnprintfElements in valid.c
- debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in xmlSnprintfElements caused by improperly calculating qname length
- CVE-2025-24928
SECURITY UPDATE: NULL pointer dereference in xmlPatMatch in pattern.c
- debian/patches/CVE-2025-27113.patch: Fix compilation of explicit child axis to generate XMLOPELEM like the case without an axis
- CVE-2025-27113
SECURITY UPDATE: use-after-free vulnerability in XML schema processing
- debian/patches/CVE-2024-56171.patch: Fix use-after-free after xmlSchemaItemListAdd in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables
- CVE-2024-56171

References

https://errata.cloudlinux.com/ubuntu16-els/CLSA-2025-1741286239.html

Affected packages

TuxCare:Ubuntu:16.04 / libxml2

Package

Name: libxml2
Purl: pkg:deb/tuxcare/libxml2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1741286239.json"

TuxCare:Ubuntu:16.04 / libxml2-dev

Package

Name: libxml2-dev
Purl: pkg:deb/tuxcare/libxml2-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1741286239.json"

TuxCare:Ubuntu:16.04 / libxml2-doc

Package

Name: libxml2-doc
Purl: pkg:deb/tuxcare/libxml2-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1741286239.json"

TuxCare:Ubuntu:16.04 / libxml2-utils

Package

Name: libxml2-utils
Purl: pkg:deb/tuxcare/libxml2-utils?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1741286239.json"

TuxCare:Ubuntu:16.04 / python-libxml2

Package

Name: python-libxml2
Purl: pkg:deb/tuxcare/python-libxml2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1741286239.json"