Fix CVE-2025-49794 (RHEL-96395)
Resolves: RHEL-96395
This commit is contained in:
David King
parent
426bc6849c
commit
aa2ac8f7f5
43
libxml2-2.12.5-CVE-2025-49794.patch
Normal file
43
libxml2-2.12.5-CVE-2025-49794.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From 529f65b0782efbe1137b2504aa1f06504a97dd0a Mon Sep 17 00:00:00 2001
|
||||
From: Michael Mann <mmann78@netscape.net>
|
||||
Date: Sat, 21 Jun 2025 12:51:24 -0400
|
||||
Subject: [PATCH] Schematron: Fix use after free
|
||||
|
||||
(CVE-2025-49794)
|
||||
|
||||
Fixes #931
|
||||
---
|
||||
schematron.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/schematron.c b/schematron.c
|
||||
index 5c1a27bf1..e2ec06d2c 100644
|
||||
--- a/schematron.c
|
||||
+++ b/schematron.c
|
||||
@@ -1380,8 +1380,11 @@ xmlSchematronGetNode(xmlSchematronValidCtxtPtr ctxt,
|
||||
return(NULL);
|
||||
|
||||
if ((ret->type == XPATH_NODESET) &&
|
||||
- (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0))
|
||||
+ (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0)) {
|
||||
node = ret->nodesetval->nodeTab[0];
|
||||
+ /* Clear the nodeTab so the node data isn't freed below */
|
||||
+ ret->nodesetval->nodeTab[0] = NULL;
|
||||
+ }
|
||||
|
||||
xmlXPathFreeObject(ret);
|
||||
return(node);
|
||||
@@ -1446,6 +1449,10 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
|
||||
ret = xmlStrcat(ret, BAD_CAST ":");
|
||||
ret = xmlStrcat(ret, node->name);
|
||||
}
|
||||
+
|
||||
+ if ((path != NULL) && (node != cur))
|
||||
+ xmlXPathNodeSetFreeNs((xmlNsPtr)node);
|
||||
+
|
||||
} else if (IS_SCHEMATRON(child, "value-of")) {
|
||||
xmlChar *select;
|
||||
xmlXPathObjectPtr eval;
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -26,6 +26,8 @@ Patch3: libxml2-2.12.5-CVE-2024-56171.patch
|
||||
Patch4: libxml2-2.12.5-CVE-2025-24928.patch
|
||||
# https://issues.redhat.com/browse/RHEL-96495
|
||||
Patch5: libxml2-2.12.5-CVE-2025-6021.patch
|
||||
# https://issues.redhat.com/browse/RHEL-96995
|
||||
Patch6: libxml2-2.12.5-CVE-2025-49794.patch
|
||||
|
||||
BuildRequires: cmake-rpm-macros
|
||||
BuildRequires: gcc
|
||||
@ -168,6 +170,7 @@ popd
|
||||
%changelog
|
||||
* Mon Jun 16 2025 David King <dking@redhat.com> - 2.12.5-6
|
||||
- Fix CVE-2025-6021 (RHEL-96495)
|
||||
- Fix CVE-2025-49794 (RHEL-96395)
|
||||
|
||||
* Mon Feb 24 2025 David King <dking@redhat.com> - 2.12.5-5
|
||||
- Fix CVE-2024-56171 (RHEL-80119)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user