ALT-PU-2026-5185-2

Package update libxml2 in branch c9f2

Version: 2.9.12-alt1.c9f2.8
Published: 2026-03-30
Max severity: MEDIUM

Closed issues (6)

BDU:2026-03631
MEDIUM 5.9

A vulnerability in the libxml2 library related to uncontrolled recursion that allows an attacker to cause a denial of service

Published: 2026-03-25
Modified: 2026-05-06
CVSS 3.x: MEDIUM 5.9
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0: MEDIUM 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:C
BDU:2026-03632
LOW 2.9

A vulnerability in the libxml2 library related to uncontrolled resource consumption that allows an attacker to cause a denial of service

Published: 2026-03-25
Modified: 2026-05-06
CVSS 3.x: LOW 2.9
CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.0: LOW 1.2
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:N/A:P
BDU:2026-03633
LOW 3.7

A vulnerability in the libxml2 library related to uncontrolled recursion that allows an attacker to cause a denial of service

Published: 2026-03-25
Modified: 2026-05-06
CVSS 3.x: LOW 3.7
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.0: LOW 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P
CVE-2026-0989
LOW 3.7

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Published: 2026-01-15
Modified: 2026-04-22
CVSS 3.x: LOW 3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2026-0990
MEDIUM 5.9

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Published: 2026-01-15
Modified: 2026-04-22
CVSS 3.x: MEDIUM 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2026-0992
LOW 2.9

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Published: 2026-01-15
Modified: 2026-04-22
CVSS 3.x: LOW 2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L