An update has been released for the libxml2 package on both Slackware Linux 15.0 and its -current version, addressing important security vulnerabilities. The updated package is identified as libxml2 (SSA:2025-108-01) and is now available in the Slackware repositories.
- Security Fixes:
- Addresses a heap buffer overflow issue in `xmlSchemaIDCFillNodeTables`.
- Limits reading to a maximum of one-fourth of the length in the Python bindings.
- CVE References:
- More details can be found on the official CVE website for vulnerabilities CVE-2025-32415 and CVE-2025-32414.
- Slackware 15.0 (i586): [Download](ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.11.9-i586-3_slack15.0.txz)
- Slackware 15.0 (x86_64): [Download](ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.11.9-x86_64-3_slack15.0.txz)
- Slackware -current (i686): [Download](ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.13.8-i686-1.txz)
- Slackware -current (x86_64): [Download](ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.13.8-x86_64-1.txz)
- Slackware 15.0 (x86_64): `f6077c429ba0bc6ad4196197e1c61cf4`
- Slackware -current (i686): `3cd7880c07b1113f73f5a2151b240271`
- Slackware -current (x86_64): `5123acee55c9643b28b0bc19d016c6dd`
This update is crucial for maintaining security in applications that depend on libxml2, making it essential for all users running Slackware to perform the upgrade promptly
Key Highlights of the Update:
- Version: libxml2-2.11.9 (for Slackware 15.0) and libxml2-2.13.8 (for Slackware -current).- Security Fixes:
- Addresses a heap buffer overflow issue in `xmlSchemaIDCFillNodeTables`.
- Limits reading to a maximum of one-fourth of the length in the Python bindings.
- CVE References:
- More details can be found on the official CVE website for vulnerabilities CVE-2025-32415 and CVE-2025-32414.
Download Locations:
Users can obtain the updated packages from the following links:- Slackware 15.0 (i586): [Download](ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.11.9-i586-3_slack15.0.txz)
- Slackware 15.0 (x86_64): [Download](ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.11.9-x86_64-3_slack15.0.txz)
- Slackware -current (i686): [Download](ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.13.8-i686-1.txz)
- Slackware -current (x86_64): [Download](ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.13.8-x86_64-1.txz)
MD5 Signatures for Verification:
- Slackware 15.0 (i586): `ca3addf4562fbec5a6dec74cd8e18877`- Slackware 15.0 (x86_64): `f6077c429ba0bc6ad4196197e1c61cf4`
- Slackware -current (i686): `3cd7880c07b1113f73f5a2151b240271`
- Slackware -current (x86_64): `5123acee55c9643b28b0bc19d016c6dd`
Installation Instructions:
To upgrade the package, users should execute the following command as root:bashupgradepkg libxml2-2.11.9-i586-3_slack15.0.txz
Additional Information:
The Slackware Linux Security Team has provided this update to enhance the security posture of the operating system, ensuring users have access to the latest fixes. For further details, users can visit the Slackware website or consult the GPG key for verification purposes.This update is crucial for maintaining security in applications that depend on libxml2, making it essential for all users running Slackware to perform the upgrade promptly
Libxml2 update for Slackware
Updated libxml2 packages have been released for Slackware Linux 15.0 and -current:
libxml2 (SSA:2025-108-01)
