Release Info

Advisory: CLSA-2025:1761312327

OS: Debian 10 ELS

Public date: 2025-10-24 13:25:37.369345

Project: libxml2

Version: 2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5

Errata link: https://errata.tuxcare.com/els_os/debian10els/CLSA-2025-1761312327.html

Changelog

* SECURITY UPDATE: uncontrolled recursion leading to stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714.patch: Make XPath depth check work with recursive invocations to prevent stack overflows - CVE-2025-9714

Update

Update command: apt-get update apt-get --only-upgrade install libxml2*

Packages list

libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb libxml2-doc_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_all.deb libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.10+tuxcare.els5_amd64.deb

CVEs

CVE-2025-32415
CVE-2022-49043
CVE-2025-32414
CVE-2024-25062
CVE-2025-27113