CLSA-2025-1746653948

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2025-1746653948.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2025-1746653948

Upstream

CVE-2025-32414

CVE-2025-32415

Published

2025-05-07T21:39:13Z

Modified

2026-06-04T09:47:30.320689173Z

Summary

Fix CVE(s): CVE-2025-32414, CVE-2025-32415

Details

SECURITY UPDATE: OOB access in python API
- debian/patches/CVE-2025-32414-pre1.patch: fix SAX driver with character streams in python/drv_libxml2.py.
- debian/patches/CVE-2025-32414-1.patch: read at most len/4 characters in python/libxml.c.
- debian/patches/CVE-2025-32414-2.patch: add a test in python/tests/Makefile.am, python/tests/unicode.py.
- CVE-2025-32414
SECURITY UPDATE: heap under-read in xmlSchemaIDCFillNodeTables
- debian/patches/CVE-2025-32415.patch: fix heap buffer overflow in xmlSchemaIDCFillNodeTables in xmlschemas.c.
- CVE-2025-32415

References

https://errata.tuxcare.com/ubuntu20.04-els/CLSA-2025-1746653948.html

Affected packages

TuxCare:Ubuntu:20.04

libxml2

Package

Name: libxml2
Purl: pkg:deb/tuxcare/libxml2?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2025-1746653948.json"

libxml2-dev

Package

Name: libxml2-dev
Purl: pkg:deb/tuxcare/libxml2-dev?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2025-1746653948.json"

libxml2-doc

Package

Name: libxml2-doc
Purl: pkg:deb/tuxcare/libxml2-doc?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2025-1746653948.json"

libxml2-utils

Package

Name: libxml2-utils
Purl: pkg:deb/tuxcare/libxml2-utils?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2025-1746653948.json"

python-libxml2

Package

Name: python-libxml2
Purl: pkg:deb/tuxcare/python-libxml2?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2025-1746653948.json"

python3-libxml2

Package

Name: python3-libxml2
Purl: pkg:deb/tuxcare/python3-libxml2?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2025-1746653948.json"