Security update for libxml2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1438-1 Final 1 1 2025-05-02T13:44:11Z current 2025-05-02T13:44:11Z 2025-05-02T13:44:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxml2 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/kiwi:latest-2025-1438,Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest-2025-1438,Container suse/ltss/sle15.5/sle15:latest-2025-1438,Container suse/postgres:16-2025-1438,Container suse/sle-micro/5.5/toolbox:latest-2025-1438,Container suse/sle-micro/5.5:latest-2025-1438,Container suse/sle-micro/base-5.5:latest-2025-1438,Container suse/sle-micro/kvm-5.5:latest-2025-1438,Container suse/sle-micro/rt-5.5:latest-2025-1438,Container suse/sle15:15.6-2025-1438,SUSE-2025-1438,SUSE-SLE-Micro-5.5-2025-1438,SUSE-SLE-Module-Basesystem-15-SP6-2025-1438,SUSE-SLE-Module-Python3-15-SP6-2025-1438,openSUSE-SLE-15.6-2025-1438 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251438-1/ Link for SUSE-SU-2025:1438-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039133.html E-Mail link for SUSE-SU-2025:1438-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1241453 SUSE Bug 1241453 https://bugzilla.suse.com/1241551 SUSE Bug 1241551 https://www.suse.com/security/cve/CVE-2025-32414/ SUSE CVE CVE-2025-32414 page https://www.suse.com/security/cve/CVE-2025-32415/ SUSE CVE CVE-2025-32415 page Container bci/kiwi:latest Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container suse/ltss/sle15.5/sle15:latest Container suse/postgres:16 Container suse/sle-micro/5.5/toolbox:latest Container suse/sle-micro/5.5:latest Container suse/sle-micro/base-5.5:latest Container suse/sle-micro/kvm-5.5:latest Container suse/sle-micro/rt-5.5:latest Container suse/sle15:15.6 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP6 openSUSE Leap 15.6 libxml2-devel-2.10.3-150500.5.26.1 libxml2-tools-2.10.3-150500.5.26.1 libxml2-2-2.10.3-150500.5.26.1 libxml2-2-32bit-2.10.3-150500.5.26.1 libxml2-2-64bit-2.10.3-150500.5.26.1 libxml2-devel-32bit-2.10.3-150500.5.26.1 libxml2-devel-64bit-2.10.3-150500.5.26.1 libxml2-doc-2.10.3-150500.5.26.1 python3-libxml2-2.10.3-150500.5.26.1 python311-libxml2-2.10.3-150500.5.26.1 libxml2-devel-2.10.3-150500.5.26.1 as a component of Container bci/kiwi:latest libxml2-tools-2.10.3-150500.5.26.1 as a component of Container bci/kiwi:latest libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/ltss/sle15.5/sle15:latest libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/postgres:16 libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/sle-micro/5.5/toolbox:latest libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/sle-micro/5.5:latest libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/sle-micro/base-5.5:latest libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/sle-micro/kvm-5.5:latest libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/sle-micro/rt-5.5:latest libxml2-2-2.10.3-150500.5.26.1 as a component of Container suse/sle15:15.6 libxml2-2-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Micro 5.5 libxml2-tools-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Micro 5.5 python3-libxml2-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Micro 5.5 libxml2-2-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libxml2-2-32bit-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libxml2-devel-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libxml2-tools-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 python3-libxml2-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 python311-libxml2-2.10.3-150500.5.26.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 libxml2-2-2.10.3-150500.5.26.1 as a component of openSUSE Leap 15.6 libxml2-2-32bit-2.10.3-150500.5.26.1 as a component of openSUSE Leap 15.6 libxml2-devel-2.10.3-150500.5.26.1 as a component of openSUSE Leap 15.6 libxml2-devel-32bit-2.10.3-150500.5.26.1 as a component of openSUSE Leap 15.6 libxml2-doc-2.10.3-150500.5.26.1 as a component of openSUSE Leap 15.6 libxml2-tools-2.10.3-150500.5.26.1 as a component of openSUSE Leap 15.6 python3-libxml2-2.10.3-150500.5.26.1 as a component of openSUSE Leap 15.6 python311-libxml2-2.10.3-150500.5.26.1 as a component of openSUSE Leap 15.6 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. CVE-2025-32414 Container bci/kiwi:latest:libxml2-devel-2.10.3-150500.5.26.1 Container bci/kiwi:latest:libxml2-tools-2.10.3-150500.5.26.1 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/ltss/sle15.5/sle15:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/postgres:16:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/5.5/toolbox:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/5.5:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/base-5.5:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/kvm-5.5:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/rt-5.5:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle15:15.6:libxml2-2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Micro 5.5:libxml2-2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Micro 5.5:libxml2-tools-2.10.3-150500.5.26.1 SUSE Linux Enterprise Micro 5.5:python3-libxml2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml2-2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml2-2-32bit-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml2-devel-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml2-tools-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-libxml2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python311-libxml2-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-2-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-2-32bit-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-devel-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-devel-32bit-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-doc-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-tools-2.10.3-150500.5.26.1 openSUSE Leap 15.6:python3-libxml2-2.10.3-150500.5.26.1 openSUSE Leap 15.6:python311-libxml2-2.10.3-150500.5.26.1 moderate 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251438-1/ https://www.suse.com/security/cve/CVE-2025-32414.html CVE-2025-32414 https://bugzilla.suse.com/1241551 SUSE Bug 1241551 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. CVE-2025-32415 Container bci/kiwi:latest:libxml2-devel-2.10.3-150500.5.26.1 Container bci/kiwi:latest:libxml2-tools-2.10.3-150500.5.26.1 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/ltss/sle15.5/sle15:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/postgres:16:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/5.5/toolbox:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/5.5:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/base-5.5:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/kvm-5.5:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle-micro/rt-5.5:latest:libxml2-2-2.10.3-150500.5.26.1 Container suse/sle15:15.6:libxml2-2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Micro 5.5:libxml2-2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Micro 5.5:libxml2-tools-2.10.3-150500.5.26.1 SUSE Linux Enterprise Micro 5.5:python3-libxml2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml2-2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml2-2-32bit-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml2-devel-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml2-tools-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-libxml2-2.10.3-150500.5.26.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python311-libxml2-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-2-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-2-32bit-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-devel-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-devel-32bit-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-doc-2.10.3-150500.5.26.1 openSUSE Leap 15.6:libxml2-tools-2.10.3-150500.5.26.1 openSUSE Leap 15.6:python3-libxml2-2.10.3-150500.5.26.1 openSUSE Leap 15.6:python311-libxml2-2.10.3-150500.5.26.1 low 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251438-1/ https://www.suse.com/security/cve/CVE-2025-32415.html CVE-2025-32415 https://bugzilla.suse.com/1241453 SUSE Bug 1241453