Vulnerabilities in the libxml2 library, potentially leading to code execution

Five vulnerabilities have been identified in the libxml2 library, which is developed by the GNOME project and used to parse XML content. Two of them can lead to code execution when processing specially crafted external data. The libxml2 library is widely used in open-source projects and, for example, is used as a dependency in more than 2 packages from Ubuntu.

The first vulnerability (CVE-2025-6170) is caused by a buffer overflow in the implementation of the interactive xmllint shell used to parse XML files. The overflow occurs when processing very long commands, because the size of the input data is not properly checked before the data is copied with the strcpy() function. To exploit the vulnerability, an attacker must be able to influence the commands passed to the xmllint utility. A patch fixing the vulnerability is not yet available.

The second vulnerability (CVE-2025-6021) is present in the implementation of the xmlBuildQName() function and leads to data being written beyond the bounds of the buffer because of an integer overflow when calculating the buffer size from the prefix and the local name. To exploit the vulnerability, an attacker must be able to place their data into the prefix and ncname arguments passed to the xmlBuildQName() function. A patch has been prepared to eliminate the vulnerability. The fix is included in the libxml2 2.14.4 release. You can check the status of package updates or of fix preparation in the distributions on the following pages (if a page is unavailable, the distribution's developers have not yet begun looking at the issue): Debian, Ubuntu, Fedora, SUSE/openSUSE, RHEL, Gentoo and Arch (1, 2).
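The size-calculation failure described above for xmlBuildQName(), as an added C illustration (not libxml2's code and not the upstream patch). All function names are hypothetical, and `qname_size_narrow` assumes the lengths are summed in a 32-bit `int`; `qname_size_checked` and `build_qname` show an overflow-checked variant.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern (illustrative, assumed 32-bit int): lengths are narrowed
 * and summed. Unsigned arithmetic keeps the wrap well defined here; the
 * result can come out negative or far smaller than the real need. */
static int qname_size_narrow(size_t lenp, size_t lenn) {
    return (int)((unsigned)lenp + (unsigned)lenn + 2u);
}

/* Hardened size: prefix + ':' + ncname + NUL, computed in size_t.
 * Returns 0 on success, -1 if the sum is not representable. */
static int qname_size_checked(size_t lenp, size_t lenn, size_t *out) {
    if (lenp > SIZE_MAX - 2 || lenn > SIZE_MAX - 2 - lenp)
        return -1;
    *out = lenp + lenn + 2;
    return 0;
}

/* Builds "prefix:ncname" in buf when it fits in cap bytes, otherwise in a
 * fresh allocation (caller frees it when the result differs from buf). */
static char *build_qname(const char *prefix, const char *ncname,
                         char *buf, size_t cap) {
    size_t lenp, lenn, need;
    char *ret;

    if (prefix == NULL || ncname == NULL)
        return NULL;
    lenp = strlen(prefix);
    lenn = strlen(ncname);
    if (qname_size_checked(lenp, lenn, &need) != 0)
        return NULL;                      /* refuse instead of wrapping */
    ret = (buf != NULL && need <= cap) ? buf : malloc(need);
    if (ret == NULL)
        return NULL;
    memcpy(ret, prefix, lenp);
    ret[lenp] = ':';
    memcpy(ret + lenp + 1, ncname, lenn + 1);   /* copies the NUL too */
    return ret;
}
```

The narrow sum is the case to look for in review: a size that wraps still passes a later "does it fit" comparison, so the copy runs past the buffer.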

The other three issues lead to crashes: access to already freed memory in the xmlSchematronGetNode function (CVE-2025-49794), a null pointer dereference in the xmlXPathCompiledEval function (CVE-2025-49795), and incorrect handling of types (Type Confusion) (CVE-2025-49796). To resolve these issues, removing support for the Schematron markup language from libxml2 is being considered.

In addition, three unpatched vulnerabilities have been noted in the libxslt library, which is unmaintained. Details of these issues have not yet been published; disclosure is scheduled for July 9, July 13, and August 6. Unpatched and undisclosed vulnerabilities have also been noted in the GNOME-related projects gvfs, libgxps, gdm, glib, GIMP, and libsoup.

Update: The libxml2 maintainer has announced that from now on they will treat vulnerabilities as regular bugs: without giving them priority, fixing them as time permits, and immediately disclosing the nature of each vulnerability without an embargo or a grace period for fixing it in third-party products.

Source: opennet.ru
