{"id":"MGASA-2026-0027","summary":"Updated libxml2 packages fix security vulnerabilities","details":"xmlcatalog xmlParseSGMLCatalog recursion. (CVE-2025-8732)\nUnbounded relaxng include recursion leading to stack overflow.\n(CVE-2026-0989)\nDenial of service via uncontrolled recursion in xml catalog processing.\n(CVE-2026-0990)\nDenial of service via crafted xml catalogs. (CVE-2026-0992)\n","modified":"2026-04-16T04:44:19.503984480Z","published":"2026-01-30T00:39:37Z","upstream":["CVE-2025-8732","CVE-2026-0989","CVE-2026-0990","CVE-2026-0992"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0027.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35058"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7974-1"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libxml2?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.4-1.9.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0027.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}