Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE Linux Micro 6.2 Libxml2 Libxslt Moderate Resource Issues 2026-20647-1

suse
Calendar Grey March 9, 2026
Dist Suse Esm H88
Update for SUSE libxml2 and libxslt addresses multiple issues including resource consumption and potential crashes.
An update that solves five vulnerabilities and has eight fixes can now be installed.

Summary

## This update for libxml2, libxslt fixes the following issues: Changes in libxml2: * CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811). * CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling `nextCatalog` elements (bsc#1256809, bsc#1256812). * CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858). * CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595). * CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT (bsc#1250553) ## Patch Instructions:

References

* bsc#1247850

* bsc#1247858

* bsc#1250553

* bsc#1256804

* bsc#1256807

* bsc#1256808

* bsc#1256809

* bsc#1256810

* bsc#1256811

* bsc#1256812

* bsc#1257593

* bsc#1257594

* bsc#1257595

Cross-

* CVE-2025-10911

* CVE-2025-8732

* CVE-2026-0990

* CVE-2026-0992

* CVE-2026-1757

CVSS scores:

* CVE-2025-10911 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-10911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2025-10911 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2025-8732 ( SUSE ): 4.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-8732 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2025-8732 ( NVD ): 1.9

Announcement ID: SUSE-SU-2026:20647-1
Release Date: 2026-03-04T10:48:20Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here