LibXML2 and Expat updates for AlmaLinux

AlmaLinux 2483 Published by

The AlmaLinux Security team has issued two updates: one for libxml2, rated as Moderate (CVE-2025-9714), and another for expat, rated as Important (CVE-2025-59375). The libxml2 update fixes an infinite recursion issue in the exsltDynMapFunction function of libexslt. The expat update addresses a vulnerability that allows attackers to trigger large dynamic memory allocations through parsing small XML documents.

ALSA-2025:22376: libxml2 security update (Moderate)
ALSA-2025:22175: expat security update (Important)




ALSA-2025:22376: libxml2 security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-12-03

Summary:

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-22376.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:22175: expat security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-12-03

Summary:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-22175.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team


Firefox, LibTIFF, Kernel, and more updates for Oracle Linux

Python-Cbor2, Icinga2, CUPS, GEGL updates for SUSE Linux

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...