Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-32414 (GCVE-0-2025-32414)
Vulnerability from cvelistv5 – Published: 2025-04-08 00:00 – Updated: 2025-11-03 19:53
VLAI
EPSS
Summary
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
Severity
5.6 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-393 - Return of Wrong Status Code
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32414",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:56:33.455181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:57:02.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:53:25.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libxml2",
"vendor": "xmlsoft",
"versions": [
{
"lessThan": "2.13.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.14.2",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.14.2",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-393",
"description": "CWE-393 Return of Wrong Status Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T02:55:58.812Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32414",
"datePublished": "2025-04-08T00:00:00.000Z",
"dateReserved": "2025-04-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:53:25.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-32414",
"date": "2026-06-04",
"epss": "0.00034",
"percentile": "0.10513"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-32414\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-04-08T03:15:15.940\",\"lastModified\":\"2025-11-03T20:18:27.087\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.\"},{\"lang\":\"es\",\"value\":\"En libxml2 anterior a la versi\u00f3n 2.13.8 y 2.14.x anterior a la versi\u00f3n 2.14.2, se pueden producir accesos a memoria fuera de los l\u00edmites en la API de Python (enlaces de Python) debido a un valor de retorno incorrecto. Esto ocurre en xmlPythonFileRead y xmlPythonFileReadRaw debido a una diferencia entre bytes y caracteres.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-393\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.13.8\",\"matchCriteriaId\":\"DF308A16-618A-44BE-900E-3B65DCC0E428\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.14.0\",\"versionEndExcluding\":\"2.14.2\",\"matchCriteriaId\":\"9878007F-7139-47DE-BD8F-E0DFCAD038B7\"}]}]}],\"references\":[{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/issues/889\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/issues/889\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:53:25.162Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-32414\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-09T14:56:33.455181Z\"}}}], \"references\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/issues/889\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-09T14:56:56.583Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.6, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\"}}], \"affected\": [{\"vendor\": \"xmlsoft\", \"product\": \"libxml2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.13.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.14.0\", \"lessThan\": \"2.14.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/issues/889\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-393\", \"description\": \"CWE-393 Return of Wrong Status Code\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.13.8\"}, {\"criteria\": \"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.14.2\", \"versionStartIncluding\": \"2.14.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-04-08T02:55:58.812Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-32414\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:53:25.162Z\", \"dateReserved\": \"2025-04-08T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-04-08T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:13683
Vulnerability from csaf_redhat - Published: 2025-08-12 12:30 - Updated: 2026-06-02 15:23Summary
Red Hat Security Advisory: libxml2 security update
Severity
Moderate
Notes
Topic: An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13683",
"url": "https://access.redhat.com/errata/RHSA-2025:13683"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13683.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2026-06-02T15:23:38+00:00",
"generator": {
"date": "2026-06-02T15:23:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:13683",
"initial_release_date": "2025-08-12T12:30:08+00:00",
"revision_history": [
{
"date": "2025-08-12T12:30:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-12T12:30:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:23:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.src",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.src",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.i686",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"product_id": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"product_id": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"product_id": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product_id": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"product": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"product_id": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:30:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13683"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:30:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13683"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"AppStream-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"AppStream-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.src",
"BaseOS-9.2.0.Z.E4S:libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-debugsource-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:libxml2-devel-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-0:2.9.13-3.el9_2.9.x86_64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.aarch64",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.i686",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.ppc64le",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.s390x",
"BaseOS-9.2.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
RHSA-2025:13684
Vulnerability from csaf_redhat - Published: 2025-08-12 12:25 - Updated: 2026-06-02 15:23Summary
Red Hat Security Advisory: libxml2 security update
Severity
Moderate
Notes
Topic: An update for libxml2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libxml2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:13684",
"url": "https://access.redhat.com/errata/RHSA-2025:13684"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13684.json"
}
],
"title": "Red Hat Security Advisory: libxml2 security update",
"tracking": {
"current_release_date": "2026-06-02T15:23:38+00:00",
"generator": {
"date": "2026-06-02T15:23:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:13684",
"initial_release_date": "2025-08-12T12:25:23+00:00",
"revision_history": [
{
"date": "2025-08-12T12:25:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-12T12:25:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:23:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.src",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.src",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.i686",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"product_id": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"product_id": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"product_id": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product_id": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product_id": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-1.el9_0.7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"product": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"product_id": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libxml2-devel@2.9.13-1.el9_0.7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
},
"product_reference": "python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:25:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13684"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-12T12:25:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:13684"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"AppStream-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"AppStream-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.src",
"BaseOS-9.0.0.Z.E4S:libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-debugsource-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:libxml2-devel-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-0:2.9.13-1.el9_0.7.x86_64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.aarch64",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.i686",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.ppc64le",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.s390x",
"BaseOS-9.0.0.Z.E4S:python3-libxml2-debuginfo-0:2.9.13-1.el9_0.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
RHSA-2025:14059
Vulnerability from csaf_redhat - Published: 2025-08-27 21:46 - Updated: 2026-06-02 15:23Summary
Red Hat Security Advisory: OpenShift Container Platform 4.17.38 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.17.38 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.17.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.17.38. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:13976
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
43 references
Acknowledgments
Ahmed Lekssays
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.17.38 is now available with updates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container Platform 4.17.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.17.38. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:13976\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14059",
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "OCPBUGS-54599",
"url": "https://issues.redhat.com/browse/OCPBUGS-54599"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14059.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.17.38 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-02T15:23:50+00:00",
"generator": {
"date": "2026-06-02T15:23:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14059",
"initial_release_date": "2025-08-27T21:46:50+00:00",
"revision_history": [
{
"date": "2025-08-27T21:46:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-27T21:46:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:23:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.17",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-417.94.202508141510-0",
"product": {
"name": "rhcos-aarch64-417.94.202508141510-0",
"product_id": "rhcos-aarch64-417.94.202508141510-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202508141510?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-417.94.202508141510-0",
"product": {
"name": "rhcos-ppc64le-417.94.202508141510-0",
"product_id": "rhcos-ppc64le-417.94.202508141510-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202508141510?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-417.94.202508141510-0",
"product": {
"name": "rhcos-s390x-417.94.202508141510-0",
"product_id": "rhcos-s390x-417.94.202508141510-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202508141510?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-417.94.202508141510-0",
"product": {
"name": "rhcos-x86_64-417.94.202508141510-0",
"product_id": "rhcos-x86_64-417.94.202508141510-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@417.94.202508141510?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-417.94.202508141510-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0"
},
"product_reference": "rhcos-aarch64-417.94.202508141510-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-417.94.202508141510-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0"
},
"product_reference": "rhcos-ppc64le-417.94.202508141510-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-417.94.202508141510-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0"
},
"product_reference": "rhcos-s390x-417.94.202508141510-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-417.94.202508141510-0 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
},
"product_reference": "rhcos-x86_64-417.94.202508141510-0",
"relates_to_product_reference": "9Base-RHOSE-4.17"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-27T21:46:50+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:fea49ae633643615f8707ecbe801b484181b87db0746d2d85592768dbddf43c9\n\n (For s390x architecture)\n The image digest is sha256:d3e9032b799e87cc82121c9da006d375845134120205fa2aa2edca033abf97d3\n\n (For ppc64le architecture)\n The image digest is sha256:6c6251666a8e89289819cdb9dd7269d1ab2d90fdcb96c2b15b2e04908d15fd88\n\n (For aarch64 architecture)\n The image digest is sha256:3b83546dc680f6e3975faf101471c4e29fdc76f406327665e22f63ff406246c0\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.17:rhcos-aarch64-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-ppc64le-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-s390x-417.94.202508141510-0",
"9Base-RHOSE-4.17:rhcos-x86_64-417.94.202508141510-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
RHSA-2025:14644
Vulnerability from csaf_redhat - Published: 2025-08-26 15:51 - Updated: 2026-06-02 15:24Summary
Red Hat Security Advisory: Insights proxy Container Image
Severity
Important
Notes
Topic: Initial GA Release of Red Hat Insights proxy
Details: The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights.
The Insights proxy routes all Red Hat Insights traffic through itself, providing a layer of privary and security for disconnected customer systems.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights.\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing a layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14644",
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32414",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32415",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14644.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2026-06-02T15:24:58+00:00",
"generator": {
"date": "2026-06-02T15:24:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14644",
"initial_release_date": "2025-08-26T15:51:25+00:00",
"revision_history": [
{
"date": "2025-08-26T15:51:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-26T15:51:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:24:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3A3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.6-1756187445"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Ab7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy\u0026tag=1.5.6-1756187445"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T15:51:25+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat Insights proxy product RPM.\nBefore applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14644"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:b7f671263af799e681ccca9b07420c1b5cee369282b5e1520557ee2414618652_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
RHSA-2025:14818
Vulnerability from csaf_redhat - Published: 2025-09-04 17:03 - Updated: 2026-06-02 15:23Summary
Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.18.23 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.18.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.23. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:14816
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
23 references
Acknowledgments
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.18.23 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.18.23. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:14816\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14818",
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "OCPBUGS-54598",
"url": "https://issues.redhat.com/browse/OCPBUGS-54598"
},
{
"category": "external",
"summary": "OCPBUGS-60201",
"url": "https://issues.redhat.com/browse/OCPBUGS-60201"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14818.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-02T15:23:56+00:00",
"generator": {
"date": "2026-06-02T15:23:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14818",
"initial_release_date": "2025-09-04T17:03:51+00:00",
"revision_history": [
{
"date": "2025-09-04T17:03:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-04T17:03:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:23:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.18",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-418.94.202508261658-0",
"product": {
"name": "rhcos-aarch64-418.94.202508261658-0",
"product_id": "rhcos-aarch64-418.94.202508261658-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202508261658?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-418.94.202508261658-0",
"product": {
"name": "rhcos-ppc64le-418.94.202508261658-0",
"product_id": "rhcos-ppc64le-418.94.202508261658-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202508261658?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-418.94.202508261658-0",
"product": {
"name": "rhcos-s390x-418.94.202508261658-0",
"product_id": "rhcos-s390x-418.94.202508261658-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202508261658?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-418.94.202508261658-0",
"product": {
"name": "rhcos-x86_64-418.94.202508261658-0",
"product_id": "rhcos-x86_64-418.94.202508261658-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202508261658?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-418.94.202508261658-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0"
},
"product_reference": "rhcos-aarch64-418.94.202508261658-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-418.94.202508261658-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0"
},
"product_reference": "rhcos-ppc64le-418.94.202508261658-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-418.94.202508261658-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0"
},
"product_reference": "rhcos-s390x-418.94.202508261658-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-418.94.202508261658-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
},
"product_reference": "rhcos-x86_64-418.94.202508261658-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:03:51+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata or x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:0bf2e8c1edf16de717c330b94d85f6d463c7208956b0a545cbb3fcf715e14c38\n\n (For s390x architecture)\n The image digest is sha256:893ccb2c14b7d7051cbe36098fd1f5655685e4798e0e5dfef7848ed40c8defde\n\n (For ppc64le architecture)\n The image digest is sha256:0833db4c468d81168bb43c46ad0f1af1cf7966b39fa3e2b519725cf96a784c3a\n\n (For aarch64 architecture)\n The image digest is sha256:aac369ac9c41f62395ec14d2ea7d8a577a5dcc796c5f2bdf0c615ff58bbeb76b\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:03:51+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata or x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:0bf2e8c1edf16de717c330b94d85f6d463c7208956b0a545cbb3fcf715e14c38\n\n (For s390x architecture)\n The image digest is sha256:893ccb2c14b7d7051cbe36098fd1f5655685e4798e0e5dfef7848ed40c8defde\n\n (For ppc64le architecture)\n The image digest is sha256:0833db4c468d81168bb43c46ad0f1af1cf7966b39fa3e2b519725cf96a784c3a\n\n (For aarch64 architecture)\n The image digest is sha256:aac369ac9c41f62395ec14d2ea7d8a577a5dcc796c5f2bdf0c615ff58bbeb76b\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:03:51+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata or x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:0bf2e8c1edf16de717c330b94d85f6d463c7208956b0a545cbb3fcf715e14c38\n\n (For s390x architecture)\n The image digest is sha256:893ccb2c14b7d7051cbe36098fd1f5655685e4798e0e5dfef7848ed40c8defde\n\n (For ppc64le architecture)\n The image digest is sha256:0833db4c468d81168bb43c46ad0f1af1cf7966b39fa3e2b519725cf96a784c3a\n\n (For aarch64 architecture)\n The image digest is sha256:aac369ac9c41f62395ec14d2ea7d8a577a5dcc796c5f2bdf0c615ff58bbeb76b\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14818"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202508261658-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202508261658-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
RHSA-2025:14819
Vulnerability from csaf_redhat - Published: 2025-09-02 19:25 - Updated: 2026-06-02 15:23Summary
Red Hat Security Advisory: OpenShift Container Platform 4.19.10 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.19.10 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.19.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.19.10. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:14817
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
25 references
Acknowledgments
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.19.10 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.19.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.19.10. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:14817\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14819",
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "OCPBUGS-58905",
"url": "https://issues.redhat.com/browse/OCPBUGS-58905"
},
{
"category": "external",
"summary": "OCPBUGS-60925",
"url": "https://issues.redhat.com/browse/OCPBUGS-60925"
},
{
"category": "external",
"summary": "OCPBUGS-60949",
"url": "https://issues.redhat.com/browse/OCPBUGS-60949"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14819.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.19.10 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-02T15:23:56+00:00",
"generator": {
"date": "2026-06-02T15:23:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14819",
"initial_release_date": "2025-09-02T19:25:33+00:00",
"revision_history": [
{
"date": "2025-09-02T19:25:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-02T19:25:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:23:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.19",
"product": {
"name": "Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-4.19.9.6.202508271124-0",
"product": {
"name": "rhcos-aarch64-4.19.9.6.202508271124-0",
"product_id": "rhcos-aarch64-4.19.9.6.202508271124-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.19.9.6.202508271124?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-4.19.9.6.202508271124-0",
"product": {
"name": "rhcos-ppc64le-4.19.9.6.202508271124-0",
"product_id": "rhcos-ppc64le-4.19.9.6.202508271124-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.19.9.6.202508271124?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-4.19.9.6.202508271124-0",
"product": {
"name": "rhcos-s390x-4.19.9.6.202508271124-0",
"product_id": "rhcos-s390x-4.19.9.6.202508271124-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.19.9.6.202508271124?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-4.19.9.6.202508271124-0",
"product": {
"name": "rhcos-x86_64-4.19.9.6.202508271124-0",
"product_id": "rhcos-x86_64-4.19.9.6.202508271124-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@4.19.9.6.202508271124?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-4.19.9.6.202508271124-0 as a component of Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0"
},
"product_reference": "rhcos-aarch64-4.19.9.6.202508271124-0",
"relates_to_product_reference": "9Base-RHOSE-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-4.19.9.6.202508271124-0 as a component of Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0"
},
"product_reference": "rhcos-ppc64le-4.19.9.6.202508271124-0",
"relates_to_product_reference": "9Base-RHOSE-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-4.19.9.6.202508271124-0 as a component of Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0"
},
"product_reference": "rhcos-s390x-4.19.9.6.202508271124-0",
"relates_to_product_reference": "9Base-RHOSE-4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-4.19.9.6.202508271124-0 as a component of Red Hat OpenShift Container Platform 4.19",
"product_id": "9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
},
"product_reference": "rhcos-x86_64-4.19.9.6.202508271124-0",
"relates_to_product_reference": "9Base-RHOSE-4.19"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T19:25:33+00:00",
"details": "For OpenShift Container Platform 4.19 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:2f9145136fb387d43c7fff55b30a036c14eb96b0992c292274b6f543c6c33857\n\n (For s390x architecture)\n The image digest is sha256:a7abeba0f7c9f810ae85ce6cd7d12e926af6143f9236e3c09eec54f71504c999\n\n (For ppc64le architecture)\n The image digest is sha256:890b7b27500f0efaa9c10f45c59303d119fbe70a0d29762d45a279bd65e86745\n\n (For aarch64 architecture)\n The image digest is sha256:4d3205f720af3af84c842db70ce08f16c4f98a86ea63c57aa85fe5dc12c6d672\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T19:25:33+00:00",
"details": "For OpenShift Container Platform 4.19 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:2f9145136fb387d43c7fff55b30a036c14eb96b0992c292274b6f543c6c33857\n\n (For s390x architecture)\n The image digest is sha256:a7abeba0f7c9f810ae85ce6cd7d12e926af6143f9236e3c09eec54f71504c999\n\n (For ppc64le architecture)\n The image digest is sha256:890b7b27500f0efaa9c10f45c59303d119fbe70a0d29762d45a279bd65e86745\n\n (For aarch64 architecture)\n The image digest is sha256:4d3205f720af3af84c842db70ce08f16c4f98a86ea63c57aa85fe5dc12c6d672\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T19:25:33+00:00",
"details": "For OpenShift Container Platform 4.19 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:2f9145136fb387d43c7fff55b30a036c14eb96b0992c292274b6f543c6c33857\n\n (For s390x architecture)\n The image digest is sha256:a7abeba0f7c9f810ae85ce6cd7d12e926af6143f9236e3c09eec54f71504c999\n\n (For ppc64le architecture)\n The image digest is sha256:890b7b27500f0efaa9c10f45c59303d119fbe70a0d29762d45a279bd65e86745\n\n (For aarch64 architecture)\n The image digest is sha256:4d3205f720af3af84c842db70ce08f16c4f98a86ea63c57aa85fe5dc12c6d672\n\nAll OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14819"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.19:rhcos-aarch64-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-ppc64le-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-s390x-4.19.9.6.202508271124-0",
"9Base-RHOSE-4.19:rhcos-x86_64-4.19.9.6.202508271124-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
}
]
}
RHSA-2025:14853
Vulnerability from csaf_redhat - Published: 2025-09-04 17:05 - Updated: 2026-06-02 15:23Summary
Red Hat Security Advisory: OpenShift Container Platform 4.14.56 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.14.56 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.14.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.14.56. There are no RPM packages for this release.
release:
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in
xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
(CVE-2025-32415)
* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute
(jv_string_vfmt) (CVE-2025-48060)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.14 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.
5.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
42 references
Acknowledgments
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.14.56 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.14.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.14.56. There are no RPM packages for this release.\nrelease:\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in\nxmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables\n(CVE-2025-32415)\n* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute\n(jv_string_vfmt) (CVE-2025-48060)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14853",
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14853.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.14.56 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-02T15:23:58+00:00",
"generator": {
"date": "2026-06-02T15:23:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14853",
"initial_release_date": "2025-09-04T17:05:30+00:00",
"revision_history": [
{
"date": "2025-09-04T17:05:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-04T17:05:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:23:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-414.92.202508270040-0",
"product": {
"name": "rhcos-aarch64-414.92.202508270040-0",
"product_id": "rhcos-aarch64-414.92.202508270040-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@414.92.202508270040?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-414.92.202508270040-0",
"product": {
"name": "rhcos-ppc64le-414.92.202508270040-0",
"product_id": "rhcos-ppc64le-414.92.202508270040-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@414.92.202508270040?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-414.92.202508270040-0",
"product": {
"name": "rhcos-s390x-414.92.202508270040-0",
"product_id": "rhcos-s390x-414.92.202508270040-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@414.92.202508270040?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-414.92.202508270040-0",
"product": {
"name": "rhcos-x86_64-414.92.202508270040-0",
"product_id": "rhcos-x86_64-414.92.202508270040-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@414.92.202508270040?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-414.92.202508270040-0 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0"
},
"product_reference": "rhcos-aarch64-414.92.202508270040-0",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-414.92.202508270040-0 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0"
},
"product_reference": "rhcos-ppc64le-414.92.202508270040-0",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-414.92.202508270040-0 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0"
},
"product_reference": "rhcos-s390x-414.92.202508270040-0",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-414.92.202508270040-0 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
},
"product_reference": "rhcos-x86_64-414.92.202508270040-0",
"relates_to_product_reference": "9Base-RHOSE-4.14"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2025-05-21T18:00:55.721838+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367842"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing a specially crafted JSON input, allowing an attacker to trigger a buffer over-read of 2 bytes and cause a crash in jq with no other security impact. Due to these reasons, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48060"
},
{
"category": "external",
"summary": "RHBZ#2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060"
},
{
"category": "external",
"summary": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w",
"url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"
}
],
"release_date": "2025-05-21T17:32:43.602000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Do not process untrusted input with the jq command line JSON processor.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:30+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14\n\n (For s390x architecture)\n The image digest is sha256:758be0c12f06fadff01eb06d514ed48c306679706b3a82b72a2943f211003a7b\n\n (For ppc64le architecture)\n The image digest is sha256:9d022cdb3929572745d9b77d9f27e29fcc8ff5c7c5d04b404e81600601e7d6c7\n\n (For aarch64 architecture)\n The image digest is sha256:c75cf7a5560e7352860dcf9ae8f115a7ce7b45ca05744d65af7513ce4913ea7d\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14853"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.14:rhcos-aarch64-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-ppc64le-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-s390x-414.92.202508270040-0",
"9Base-RHOSE-4.14:rhcos-x86_64-414.92.202508270040-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
RHSA-2025:14858
Vulnerability from csaf_redhat - Published: 2025-09-04 17:05 - Updated: 2026-06-02 15:23Summary
Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.16.47 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.16.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.16.47. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHBA-2025:14854
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in
xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
(CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.16 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
36 references
Acknowledgments
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.16.47 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.16.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.16.47. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2025:14854\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in\nxmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables\n(CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14858",
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14858.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-02T15:23:59+00:00",
"generator": {
"date": "2026-06-02T15:23:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:14858",
"initial_release_date": "2025-09-04T17:05:36+00:00",
"revision_history": [
{
"date": "2025-09-04T17:05:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-04T17:05:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:23:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.16",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-416.94.202508261955-0",
"product": {
"name": "rhcos-aarch64-416.94.202508261955-0",
"product_id": "rhcos-aarch64-416.94.202508261955-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202508261955?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-416.94.202508261955-0",
"product": {
"name": "rhcos-ppc64le-416.94.202508261955-0",
"product_id": "rhcos-ppc64le-416.94.202508261955-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202508261955?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-416.94.202508261955-0",
"product": {
"name": "rhcos-s390x-416.94.202508261955-0",
"product_id": "rhcos-s390x-416.94.202508261955-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202508261955?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-416.94.202508261955-0",
"product": {
"name": "rhcos-x86_64-416.94.202508261955-0",
"product_id": "rhcos-x86_64-416.94.202508261955-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202508261955?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-416.94.202508261955-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0"
},
"product_reference": "rhcos-aarch64-416.94.202508261955-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-416.94.202508261955-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0"
},
"product_reference": "rhcos-ppc64le-416.94.202508261955-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-416.94.202508261955-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0"
},
"product_reference": "rhcos-s390x-416.94.202508261955-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-416.94.202508261955-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
},
"product_reference": "rhcos-x86_64-416.94.202508261955-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T17:05:36+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:b2d8af25d1a0440fce3e16a7d5481a228c29bdf7510f9c2bbef241e495004992\n\n (For s390x architecture)\n The image digest is sha256:b8fa63beeecb258529d2b8b22fdd90ef4846691c8e41aaff2d02279d72563a25\n\n (For ppc64le architecture)\n The image digest is sha256:6847316b4a13f663f32227107ae23f31a223dcc3b7d1718da837b8a539e97212\n\n (For aarch64 architecture)\n The image digest is sha256:6a66ef4370c883267c500672f7c9b53293a431049fd0ec2496c9ab5ecdcc0ce5\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14858"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202508261955-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202508261955-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
RHSA-2025:15308
Vulnerability from csaf_redhat - Published: 2025-09-11 12:02 - Updated: 2026-06-02 15:24Summary
Red Hat Security Advisory: OpenShift Container Platform 4.12.80 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.12.80 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.80. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2025:15307
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)
* git: Git arbitrary code execution (CVE-2025-48384)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
36 references
Acknowledgments
Ahmed Lekssays
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.12.80 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.12.80. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2025:15307\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15308",
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15308.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.12.80 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-02T15:24:02+00:00",
"generator": {
"date": "2026-06-02T15:24:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:15308",
"initial_release_date": "2025-09-11T12:02:09+00:00",
"revision_history": [
{
"date": "2025-09-11T12:02:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-11T12:02:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:24:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-412.86.202509030110-0",
"product": {
"name": "rhcos-x86_64-412.86.202509030110-0",
"product_id": "rhcos-x86_64-412.86.202509030110-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@412.86.202509030110?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-412.86.202509030110-0 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
},
"product_reference": "rhcos-x86_64-412.86.202509030110-0",
"relates_to_product_reference": "8Base-RHOSE-4.12"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T12:02:09+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous erratamupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:7c5f757b5d3d2048052401dd057f3096890b4075ca9b86b5f890a8e4c6d38b85\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15308"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202509030110-0"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
}
]
}
RHSA-2025:15672
Vulnerability from csaf_redhat - Published: 2025-09-18 05:46 - Updated: 2026-06-02 15:24Summary
Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.13.60 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.13.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.13.60. There are no RPM packages for this release:
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes
Security Fix(es):
* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in
xmlAttrPtr (CVE-2025-7425)
* sudo: LPE via host option (CVE-2025-32462)
* git: Git arbitrary code execution (CVE-2025-48384)
* git: Git arbitrary file writes (CVE-2025-48385)
* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer
Overflow in libxml2 (CVE-2025-6021)
* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)
* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
(CVE-2025-32415)
* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute
(jv_string_vfmt) (CVE-2025-48060)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--list`) to determine what permissions a user has on a different system. However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.
8.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
55 references
Acknowledgments
Ahmed Lekssays
Google Project Zero
Sergei Glazunov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.13.60 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.13.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.13.60. There are no RPM packages for this release:\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nSecurity Fix(es):\n\n* libxslt: Heap Use-After-Free in libxslt caused by atype corruption in\nxmlAttrPtr (CVE-2025-7425)\n* sudo: LPE via host option (CVE-2025-32462)\n* git: Git arbitrary code execution (CVE-2025-48384)\n* git: Git arbitrary file writes (CVE-2025-48385)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer\nOverflow in libxml2 (CVE-2025-6021)\n* libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414)\n* libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables\n(CVE-2025-32415)\n* jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute\n(jv_string_vfmt) (CVE-2025-48060)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15672",
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "2374692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692"
},
{
"category": "external",
"summary": "2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15672.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-02T15:24:04+00:00",
"generator": {
"date": "2026-06-02T15:24:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:15672",
"initial_release_date": "2025-09-18T05:46:13+00:00",
"revision_history": [
{
"date": "2025-09-18T05:46:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-18T05:46:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:24:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.13",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13",
"product_id": "9Base-RHOSE-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-413.92.202509030117-0",
"product": {
"name": "rhcos-x86_64-413.92.202509030117-0",
"product_id": "rhcos-x86_64-413.92.202509030117-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@413.92.202509030117?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-413.92.202509030117-0 as a component of Red Hat OpenShift Container Platform 4.13",
"product_id": "9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
},
"product_reference": "rhcos-x86_64-413.92.202509030117-0",
"relates_to_product_reference": "9Base-RHOSE-4.13"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ahmed Lekssays"
]
}
],
"cve": "CVE-2025-6021",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-06-12T07:55:45.428000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372406"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6021"
},
{
"category": "external",
"summary": "RHBZ#2372406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"
}
],
"release_date": "2025-06-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package the bug arises because of a mismatch between characters vs. bytes handling: functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking character count for byte count), but for a successful exploitation of this bug requires local access, on top of that the path to exploitation is non trivial, where handling of python binding\u0027s and specific input handling of bytes and characters are required which makes this outside the scope of an attacker and increases the attack complexity, for these reasons this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-32462",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-06-24T21:21:40.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374692"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--list`) to determine what permissions a user has on a different system. However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sudo: LPE via host option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as a Local Privilege Escalation (LPE), meaning an attacker needs an authenticated account before they could exploit it. Due to this restriction, the severity is rated Important. Additionally, for a system to be vulnerable, it must already be in a non-default configuration.\n\nThe system\u2019s sudoers file must contain rules that define that user\u2019s privileges on a different system. There are multiple mechanisms a system administrator could use to distribute sudoers rules, such as LDAP, Ansible playbooks, or via inclusion in a \u201cGolden Image,\u201d and therefore may be affected by this vulnerability. In environments using LDAP to manage sudoers files, look for sudoRoles objects that use sudoHost values to manage different levels of user privliges across multiple systems.\n\nIn situations where host A\u2019s sudoers rules include permissions defined for another host B, a user on host A could use the privileges granted to them on host B while logged into host A. For example, a sudoers file on hostA and hostB might include the following rules:\n```\nAlice\thostA = ALL\nBob\thostB = ALL\n```\nIf Bob logs into hostA and runs `sudo some command`, Sudo will check that Bob has permission to run `some command` on hostA. Since Bob does NOT have that privilege on hostA, Sudo will deny the requested command.\n\nHowever, the local Sudo rules on hostA can be bypassed if Bob logs into hostA and runs `sudo -h hostB some command`. In this case, Sudo will verify that Bob has permission to run `some command` on hostB. Since Bob does have that privilege, Sudo will run the requested command on hostA, where Bob is currently logged in.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32462"
},
{
"category": "external",
"summary": "RHBZ#2374692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32462"
},
{
"category": "external",
"summary": "https://www.stratascale.com/resource/cve-2025-32462-sudo-host-option-vulnerability/",
"url": "https://www.stratascale.com/resource/cve-2025-32462-sudo-host-option-vulnerability/"
},
{
"category": "external",
"summary": "https://www.sudo.ws/security/advisories/host_any/",
"url": "https://www.sudo.ws/security/advisories/host_any/"
}
],
"release_date": "2025-06-30T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "For environments using sudoers files: Remove rules defined in sudoers files that are for any system other than the local system.\n\nFor environments using LDAP: Use a narrow-scoped search path in the SSSD configuration so rules that don\u2019t apply to a system are not included in the LDAP query results.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sudo: LPE via host option"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2025-05-21T18:00:55.721838+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367842"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing a specially crafted JSON input, allowing an attacker to trigger a buffer over-read of 2 bytes and cause a crash in jq with no other security impact. Due to these reasons, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48060"
},
{
"category": "external",
"summary": "RHBZ#2367842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48060"
},
{
"category": "external",
"summary": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w",
"url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"
}
],
"release_date": "2025-05-21T17:32:43.602000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Do not process untrusted input with the jq command line JSON processor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)"
},
{
"cve": "CVE-2025-48384",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:48.297925+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378806"
}
],
"notes": [
{
"category": "description",
"text": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important and not Moderate flaw because it undermines Git\u2019s path and config integrity by allowing carriage return (\\r) injection to manipulate submodule checkout behavior. Git previously failed to quote config values containing trailing CR, causing the value to be misinterpreted when read back. In the context of submodules, this leads to incorrect path resolution, allowing an attacker to redirect the checkout path via a symlink to a sensitive directory like .git/modules/\u003csubmodule\u003e/hooks. If an executable post-checkout hook exists there, it could be inadvertently executed, resulting in arbitrary code execution during submodule operations. This is particularly dangerous in automated CI/CD pipelines or multi-repo projects where submodules are initialized or updated without manual inspection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48384"
},
{
"category": "external",
"summary": "RHBZ#2378806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
},
{
"category": "external",
"summary": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384",
"url": "https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384"
},
{
"category": "external",
"summary": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89",
"url": "https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
"url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-07-08T18:23:48.710000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using --recurse-submodules when cloning repositories from untrusted sources; instead, clone normally and only initialize or update submodules manually after reviewing them.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-08-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary code execution"
},
{
"cve": "CVE-2025-48385",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-07-08T19:00:55.106787+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378808"
}
],
"notes": [
{
"category": "description",
"text": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: Git arbitrary file writes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than a Moderate flaw because it enables protocol injection at the transport layer of Git\u0027s bundle-uri mechanism, allowing a remote server to manipulate how and where data is written on the client system during a clone operation. The lack of input sanitization on user-controlled values like the URI and target path means that malformed inputs containing spaces or newlines can break protocol framing, leading to arbitrary file writes. In scenarios such as CI pipelines, developer environments, or recursive clones with submodules, an attacker can exploit this to overwrite critical files or inject malicious content, potentially achieving remote code execution (RCE).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48385"
},
{
"category": "external",
"summary": "RHBZ#2378808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48385"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655",
"url": "https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655"
}
],
"release_date": "2025-07-08T18:23:44.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T05:46:13+00:00",
"details": "For OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:32f55a5ff24713e240a293ced4f8cb202bbdf482095593e226d1ea4397fefe8e\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.13:rhcos-x86_64-413.92.202509030117-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "git: Git arbitrary file writes"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…