SUSE-SU-2026:0782-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-20260782-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0782-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:0782-1
Upstream
  • CVE-2026-0990
  • CVE-2026-0992
Related
Published
2026-03-03T13:35:15Z
Modified
2026-03-04T22:17:00.854583Z
Summary
Security update for libxml2
Details

This update for libxml2 fixes the following issues:

  • CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. (bsc#1256807, bsc#1256811)
  • CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
  • CVE-2026-1757: Fixed a memory leak in the xmllint interactive shell. (bsc#1257594, bsc#1257595)
  • CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
References

Affected packages

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
libxml2

Package

Name
libxml2
Purl
pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.4-46.99.1

Ecosystem specific 

{
    "binaries": [
        {
            "libxml2-2": "2.9.4-46.99.1",
            "libxml2-tools": "2.9.4-46.99.1",
            "libxml2-devel": "2.9.4-46.99.1",
            "python-libxml2": "2.9.4-46.99.1",
            "libxml2-doc": "2.9.4-46.99.1",
            "libxml2-2-32bit": "2.9.4-46.99.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0782-1.json"
python-libxml2

Package

Name
python-libxml2
Purl
pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.4-46.99.1

Ecosystem specific 

{
    "binaries": [
        {
            "libxml2-2": "2.9.4-46.99.1",
            "libxml2-tools": "2.9.4-46.99.1",
            "libxml2-devel": "2.9.4-46.99.1",
            "python-libxml2": "2.9.4-46.99.1",
            "libxml2-doc": "2.9.4-46.99.1",
            "libxml2-2-32bit": "2.9.4-46.99.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0782-1.json"