home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   linux.debian.announce.security      Debian security announcements I think?      29 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 19 of 29   
   Aron Xu to All   
   [SECURITY] [DSA 5990-1] libxml2 security   
   29 Aug 25 09:30:02   
   
   From: aron@debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA256   
      
   - -------------------------------------------------------------------------   
   Debian Security Advisory DSA-5990-1                   security@debian.org   
   https://www.debian.org/security/                                  Aron Xu   
   August 29, 2025                       https://www.debian.org/security/faq   
   - -------------------------------------------------------------------------   
      
   Package        : libxml2   
   CVE ID         : CVE-2025-7425   
   Debian Bug     : 1109122   
      
   A flaw was found in libxslt, the XSLT 1.0 processing library, where the   
   attribute type, atype, flags are modified in a way that corrupts internal   
   memory management. This is addressed by adding guards in libxml2, the   
   GNOME XML library, preventing the heap use-after-free from happening.   
      
   For the oldstable distribution (bookworm), this problem has been fixed   
   in version 2.9.14+dfsg-1.3~deb12u4.   
      
   For the stable distribution (trixie), this problem has been fixed in   
   version 2.12.7+dfsg+really2.9.14-2.1+deb13u1.   
      
   We recommend that you upgrade your libxml2 packages.   
      
   For the detailed security status of libxml2 please refer to   
   its security tracker page at:   
   https://security-tracker.debian.org/tracker/libxml2   
      
   Further information about Debian Security Advisories, how to apply   
   these updates to your system and frequently asked questions can be   
   found at: https://www.debian.org/security/   
      
   Mailing list: debian-security-announce@lists.debian.org   
   -----BEGIN PGP SIGNATURE-----   
      
   iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmixVKwACgkQNP8o68vM   
   TMii+gf/UOXKGTi+P/o1wdqqIsUrd7PWI6M7rs4+7w1rKi2o5BiwOf7BwZOGMN6c   
   XXucltuZ6LPfbzQxaGKGy3MWJBaNOqLilCPfiIUbM4LhQLGrkBLRDEyP/Pp+KXtH   
   NUkzPcoKoqxQLC9LNPzqtXni50NAqFbIlAja/aCBzVdWN9+Xdw607M5lhINZ8x50   
   o7oF3IWfeZcDrwtoTEu6o1TFvne1Enp3yUkphxR/w4AJ2y9yxZM0hASxWgcqZ/eN   
   7hoX6VnpzBeRbs2fos4e4LoyZhQxIp2uFhi4HkoOA5iLjG/R7dHlAFVJimMrprHZ   
   xobvNg4WOxWfLsC3xEpo189hLxfHbA==   
   =FcGH   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca