Revision Date: | 2014-09-08 | Version: | 5 |
Title: | SUSE-SU-2013:1654-1 -- Security update for libxslt |
Description: | libxslt receives hereby a LTSS roll-up security update to fix several security issues: * CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825) * CVE-2012-6139: libxslt allowed remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. * CVE-2012-2825: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. * CVE-2011-3970: libxslt allowed remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2011-3970 CVE-2012-2825 CVE-2012-6139 CVE-2013-4520 SUSE-SU-2013:1654-1
|
Platform(s): | SUSE Linux Enterprise Server 10
| Product(s): | libxslt
|
Definition Synopsis |
SUSE Linux Enterprise Server 10 is installed AND Packages match section
libxslt RPM is earlier than 0:1.1.15-15.22.1
OR libxslt-devel RPM is earlier than 0:1.1.15-15.22.1
OR libxslt-32bit RPM is earlier than 0:1.1.15-15.22.1
OR libxslt-devel-32bit RPM is earlier than 0:1.1.15-15.22.1
|