author Divya Chellam <divya.chellam@windriver.com> 2025-07-14 15:57:11 +0530
committer Steve Sakoman <steve@sakoman.com> 2025-07-21 09:17:59 -0700
commit 4a37001c6a4fcdfb6b8fb5627f555e6b9b8c010a (patch)
tree fb08c21159a115e036c5a21109e7162c2e4d58a5 /scripts/patchtest
parent 58aa4f3e1befbf1a1143501cacb24d1ad4d9c629 (diff)
download poky-4a37001c6a4fcdfb6b8fb5627f555e6b9b8c010a.tar.gz
libxml2: Fix CVE-2025-49794 & CVE-2025-49796

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

References:
https://security-tracker.debian.org/tracker/CVE-2025-49794
https://security-tracker.debian.org/tracker/CVE-2025-49796

Upstream-patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b

(From OE-Core rev: b0f34931f7ae35538d007add80e2f81c85fa950f)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/patchtest')
0 files changed, 0 insertions, 0 deletions