RHSA-2025:19020 | High | CVSS 9.1
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP2 security update
🔗 CVE IDs covered (5)
📋 Description
- CVE-2025-6021 — libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
- CVE-2025-49794 — libxml: Heap use after free (UAF) leads to Denial of service (DoS)
- CVE-2025-49795 — libxml: Null pointer dereference leads to Denial of service (DoS)
- CVE-2025-49796 — libxml: Type confusion leads to Denial of service (DoS)
- CVE-2025-59375 — firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
🔗 References (9)
- self: https://access.redhat.com/errata/RHSA-2025:19020
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_2_release_notes/index
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372373
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372379
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372385
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372406
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2395108
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19020.json