Release Info

Advisory: CLSA-2025:1752654760

OS: CentOS 8.4 ELS

Public date: 2025-07-16 08:32:42

Project: libxml2

Version: 2.9.7-9.el8_4.2.tuxcare.els11

Errata link: https://errata.tuxcare.com/els_os/centos8.4els/CLSA-2025-1752654760.html

Changelog

- CVE-2025-49794: fix use-after-free issue triggered by processing certain <sch:name path="..."/> elements in input XML file.
- CVE-2025-49796: fix memory corruption issue triggered by processing certain sch:name elements in input XML file.
- CVE-2025-6021: fix integer overflow in buffer size calculations to prevent stack-based buffer overflow

Update

Update command: dnf update libxml2*

Packages list

libxml2-2.9.7-9.el8_4.2.tuxcare.els11.i686.rpm
libxml2-2.9.7-9.el8_4.2.tuxcare.els11.x86_64.rpm
libxml2-devel-2.9.7-9.el8_4.2.tuxcare.els11.i686.rpm
libxml2-devel-2.9.7-9.el8_4.2.tuxcare.els11.x86_64.rpm
libxml2-static-2.9.7-9.el8_4.2.tuxcare.els11.x86_64.rpm
python3-libxml2-2.9.7-9.el8_4.2.tuxcare.els11.x86_64.rpm

CVEs

CVE-2025-49794
CVE-2025-49796
CVE-2025-6021