Issue Overview: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. (CVE-2025-32414) In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. (CVE-2025-32415) Affected Packages: libxml2 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update libxml2 to update your system. New Packages: aarch64:     libxml2-2.9.1-6.amzn2.5.17.aarch64     libxml2-devel-2.9.1-6.amzn2.5.17.aarch64     libxml2-static-2.9.1-6.amzn2.5.17.aarch64     libxml2-python-2.9.1-6.amzn2.5.17.aarch64     libxml2-debuginfo-2.9.1-6.amzn2.5.17.aarch64 i686:     libxml2-2.9.1-6.amzn2.5.17.i686     libxml2-devel-2.9.1-6.amzn2.5.17.i686     libxml2-static-2.9.1-6.amzn2.5.17.i686     libxml2-python-2.9.1-6.amzn2.5.17.i686     libxml2-debuginfo-2.9.1-6.amzn2.5.17.i686 src:     libxml2-2.9.1-6.amzn2.5.17.src x86_64:     libxml2-2.9.1-6.amzn2.5.17.x86_64     libxml2-devel-2.9.1-6.amzn2.5.17.x86_64    …Read More