UbuntuUpdates.org

Package "python3-libxml2"

Name: python3-libxml2

Description:

GNOME XML library - Python3 bindings

Latest version: 2.14.5+dfsg-0.2ubuntu0.1
Release: questing (25.10)
Level: security
Repository: universe
Head package: libxml2
Homepage: http://xmlsoft.org


Other versions of "python3-libxml2" in Questing

Repository Area Version
base universe 2.14.5+dfsg-0.2
updates universe 2.14.5+dfsg-0.2ubuntu0.1

Changelog

Version: 2.14.5+dfsg-0.2ubuntu0.1 2026-01-22 22:19:15 UTC

  libxml2 (2.14.5+dfsg-0.2ubuntu0.1) questing-security; urgency=medium

  * SECURITY UPDATE: Infinite recursion with SGML catalogs.
    - debian/patches/CVE-2025-8732.patch: Add catalog depth and checks in
      catalog.c. Add test files in result/catalogs/recursive and
      test/catalogs/recursive.sgml.
    - CVE-2025-8732
  * SECURITY UPDATE: Infinite recursion when resolving include directives in
    RelaxNG parser.
    - debian/patches/CVE-2026-0989.patch: Add xmlRelaxParserSetIncLImit in
      include/libxml/relaxng.h. Add include limit and checks in relaxng.c. Add
      test and test files in runtest.c,
      test/relaxng/include/include-limit.rng,
      test/relaxng/include/include-limit_1.rng,
      test/relaxng/include/include-limit_2.rng, and
      test/relaxng/include/include-limit_3.rng.
    - debian/libxml2-16.symbols: Add new xmlRelaxParserSetIncLImit symbol.
    - CVE-2026-0989
  * SECURITY UPDATE: Infinite recursion in URI dereferencing.
    - debian/patches/CVE-2026-0990.patch: Add MAX_CATAL_DEPTH and other checks
      in catalog.c.
    - CVE-2026-0990
  * SECURITY UPDATE: Uncontrolled resource consumption in catalogs.
    - debian/patches/CVE-2026-0992.patch: Add catalog duplication checks in
      catalog.c.
    - CVE-2026-0992

 -- Hlib Korzhynskyy <email address hidden> Wed, 21 Jan 2026 11:05:54 -0330

CVE-2025-8732 A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog o
CVE-2026-0989 A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on
CVE-2026-0990 A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an
CVE-2026-0992 A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeat


