Msrc Cbl2 Libxslt 1.1.34-8 On Cbl Mariner 2.0 vulnerabilities

CVE-2025-11731 [LOW] CWE-843 Libxslt: type confusion in exsltfuncresultcompfunction of libxslt Libxslt: type confusion in exsltfuncresultcompfunction of libxslt Mariner: Mariner redhat: redhat Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-10911 [MEDIUM] CWE-825 Libxslt: use-after-free with key data stored cross-rvt Libxslt: use-after-free with key data stored cross-rvt FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2025-7424 [HIGH] CWE-843 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2025-7425 [HIGH] CWE-416 Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure v

CVE-2024-55549 [HIGH] CWE-416 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2025-24855 [HIGH] CWE-416 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsl numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResult