Oracle Linux 7 ELSA-2025-2673 Important: libxml2 buffer overread
oracle
April 1, 2025
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
Summary
[2.9.1-6.0.5]
- Fix CVE-2024-56171 [Orabug: 37694105]
- Fix CVE-2025-24928 [Orabug: 37694105] [2.9.1-6.0.3]
- Rebuild to include attribution logo [Orabug: 33024216]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.1-6.6]
- Fix CVE-2016-4658 (#1966916) [2.9.1-6.5]
- Fix CVE-2019-19956 (#1793000)
- Fix CVE-2019-20388 (#1810057)
- Fix CVE-2020-7595 (#1810073)
- Fix xsd:any schema validation (#1812145) [2.9.1-6.4]
- Fix CVE-2015-8035 (#1595697)
- Fix CVE-2018-14404 (#1602817)
- Fix CVE-2017-15412 (#1729857)
- Fix CVE-2016-5131 (#1714050)
- Fix CVE-2017-18258 (#1579211)
- Fix CVE-2018-1456 (#1622715) [libxml2-2.9.1-6.3]
- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat
SRPMs
http://oss.oracle.com/ol7/SRPMS-updates//libxml2-2.9.1-6.0.5.el7_9.6.src.rpm
x86_64
libxml2-2.9.1-6.0.5.el7_9.6.i686.rpm libxml2-2.9.1-6.0.5.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.0.5.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.0.5.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.0.5.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.0.5.el7_9.6.i686.rpm libxml2-static-2.9.1-6.0.5.el7_9.6.x86_64.rpm
aarch64
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Related CVEs: CVE-2024-56171
CVE-2025-24928
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!