ELSA-2026-22420

ELSA-2026-22420 - libxml2 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-06-29

Description

[2.9.1-6.0.13.6]
- Backport fix for CVE-2025-9714 [Orabug: 39476695]

[2.9.1-6.0.11.6]
- Fix CVE-2025-32415: Fix heap buffer overflow [Orabug: 38310750]

[2.9.1-6.0.9.6]
- Fix CVE-2025-7425: heap-use-after-free in xmlFreeID [Orabug: 38290330]

[2.9.1-6.0.7.6]
- Fix CVE-2025-6021, CVE-2025-32414, CVE-2025-49794, CVE-2025-49796
- [Orabug: 38255814]

[2.9.1-6.0.5]
- Fix CVE-2024-56171 [Orabug: 37694105]
- Fix CVE-2025-24928 [Orabug: 37694105]

Related CVEs

CVE-2025-9714

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 7 (x86_64)	libxml2-2.9.1-6.0.13.el7_9.6.src.rpm	fd1ac0aa7daecfa3e9a36ff75a95fb9b1ff788bcea3cb1a9bde7565366f36b89	-	ol7_x86_64_latest_ELS
	libxml2-2.9.1-6.0.13.el7_9.6.i686.rpm	a1015f098851e311a2eae6a0724602e88e67ea59813f4456ce34985ea0f001c9	-	ol7_x86_64_latest_ELS
	libxml2-2.9.1-6.0.13.el7_9.6.x86_64.rpm	fd28eb1f5c1225079903da76c3cfa38fc209432f9026ec257a3fbb876b5a4a02	-	ol7_x86_64_latest_ELS
	libxml2-devel-2.9.1-6.0.13.el7_9.6.i686.rpm	14f8cdd94909272551ddcacce72f978bcd663865e2c7362c2576bdf21c725680	-	ol7_x86_64_latest_ELS
	libxml2-devel-2.9.1-6.0.13.el7_9.6.x86_64.rpm	4b6f728ecca81286a819e427bc06ff90eacc00476d3ba18cea944a52d18dd3a5	-	ol7_x86_64_latest_ELS
	libxml2-python-2.9.1-6.0.13.el7_9.6.x86_64.rpm	f0dd4c0d2bdb2c3ba53ac6ada0f66f2d6af11ac883f5bb1e527166e7840d689f	-	ol7_x86_64_latest_ELS
	libxml2-static-2.9.1-6.0.13.el7_9.6.i686.rpm	a9b3f9cff567d4fb63c9215b5b96b1ce4f1fff631780366a243a18f165c4a6e4	-	ol7_x86_64_latest_ELS
	libxml2-static-2.9.1-6.0.13.el7_9.6.x86_64.rpm	776d197e623e51682b0d136069caf2930b1c8b10eb53926929944ea502c679ac	-	ol7_x86_64_latest_ELS

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team