Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2025:1003-1 important: libxslt update for critical threats

suse
Calendar Grey March 25, 2025
Dist Suse Esm H88
The latest release for libxslt rectifies critical vulnerabilities in SUSE systems, enhancing both security measures and overall reliability.
* bsc#1238591 * bsc#1239625 * bsc#1239637 Cross-References:

Summary

## This update for libxslt fixes the following issues: * CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) * CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) * CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1003=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1003=1 * SUSE Linux Enterprise Server 15 SP3 LTSS

Topics%20covered

Topics Covered

security advisory information disclosure patching SUSE libxslt use-after-free

References

* bsc#1238591

* bsc#1239625

* bsc#1239637

Cross-

* CVE-2023-40403

* CVE-2024-55549

* CVE-2025-24855

CVSS scores:

* CVE-2023-40403 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2023-40403 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2024-55549 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

* CVE-2024-55549 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

* CVE-2025-24855 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

* CVE-2025-24855 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.6

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise High Performance Computing 15 SP3

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

* SUSE Linux Enterprise Micro 5.1

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:1003-1
Release Date: 2025-03-25T08:42:21Z
Rating: important

Topics%20covered

Topics Covered

security advisory information disclosure patching SUSE libxslt use-after-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here