ELA-1412-1 libxml2 security update

out-of-bounds memory access in Python API and heap-buffer-overflow

2025-04-30
Package: libxml2
Version: 2.9.1+dfsg1-5+deb8u19 (jessie), 2.9.4+dfsg1-2.2+deb9u13 (stretch), 2.9.4+dfsg1-7+deb10u11 (buster)
Related CVEs: CVE-2025-32414, CVE-2025-32415


Two issues have been found in libxml2, the GNOME XML library. They are related to an out-of-bounds memory access in the Python API and a heap-buffer-overflow in xmlSchemaIDCFillNodeTables().



For Debian 10 buster, these problems have been fixed in version 2.9.4+dfsg1-7+deb10u11.

For Debian 8 jessie, these problems have been fixed in version 2.9.1+dfsg1-5+deb8u19.

For Debian 9 stretch, these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u13.

We recommend that you upgrade your libxml2 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.