Oval Definition: oval:org.opensuse.security:def:58679
Revision Date: 2020-12-01
Version: 1
Title: Security update for libxslt (Moderate)
Description:

This update for libxslt fixes the following issues:

- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905).

- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591).

- CVE-2015-9019: Properly initialize random generator (bsc#934119).

- CVE-2015-7995: Vulnerability in function xsltStylePreCompute in preproc.c could cause a type confusion leading to DoS (bsc#952474).

Family: unix
Class: patch
Status:
Reference(s):
1005591
1035905
1039063
1039064
1039066
1039069
1039661
1088268
1090036
1090338
1092885
1096223
1096740
1097108
1097158
1097410
1097624
1098592
1098735
1099306
1102682
1103203
1104301
1106873
1119069
1119105
1151021
1174633
1174635
1174638
1177914
934119
952474
CVE-2011-0460
CVE-2015-7995
CVE-2015-9019
CVE-2016-4738
CVE-2016-5759
CVE-2017-0861
CVE-2017-18344
CVE-2017-5029
CVE-2017-5838
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050
CVE-2018-0495
CVE-2018-0732
CVE-2018-1000199
CVE-2018-10853
CVE-2018-11806
CVE-2018-12384
CVE-2018-12404
CVE-2018-12405
CVE-2018-12617
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
CVE-2018-3639
CVE-2018-3646
CVE-2018-3665
CVE-2018-5383
CVE-2018-5390
CVE-2019-14835
CVE-2020-14345
CVE-2020-14346
CVE-2020-14347
CVE-2020-15999
SUSE-SU-2017:1313-1
SUSE-SU-2017:1538-1
SUSE-SU-2018:1236-1
SUSE-SU-2018:1887-2
SUSE-SU-2018:1943-1
SUSE-SU-2018:2391-1
SUSE-SU-2018:2973-1
SUSE-SU-2018:4236-1
SUSE-SU-2019:0466-1
SUSE-SU-2020:2998-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • augeas-1.10.1-lp150.1 is installed
  • OR augeas-lenses-1.10.1-lp150.1 is installed
  • OR libaugeas0-1.10.1-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaFirefox-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-branding-upstream-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-buildsymbols-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-devel-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-translations-common-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-translations-other-68.1.0-lp151.2.14 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libxslt-1.1.28-16 is installed
  • OR libxslt-tools-1.1.28-16 is installed
  • OR libxslt1-1.1.28-16 is installed
  • OR libxslt1-32bit-1.1.28-16 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed
  • OR openssl-1.0.2j-60.30 is installed
  • OR openssl-doc-1.0.2j-60.30 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_109-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_29-2-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_114-92_67-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_19-5-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gstreamer-1.8.3-9 is installed
  • OR gstreamer-lang-1.8.3-9 is installed
  • OR gstreamer-utils-1.8.3-9 is installed
  • OR libgstreamer-1_0-0-1.8.3-9 is installed
  • OR libgstreamer-1_0-0-32bit-1.8.3-9 is installed
  • OR typelib-1_0-Gst-1_0-1.8.3-9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND ucode-intel-20191112-13.53 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND sudo-1.8.20p2-3.14 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • ghostscript-9.27-23.31 is installed
  • OR ghostscript-x11-9.27-23.31 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libX11-1.6.2-12.5 is installed
  • OR libX11-6-1.6.2-12.5 is installed
  • OR libX11-6-32bit-1.6.2-12.5 is installed
  • OR libX11-data-1.6.2-12.5 is installed
  • OR libX11-xcb1-1.6.2-12.5 is installed
  • OR libX11-xcb1-32bit-1.6.2-12.5 is installed
  • OR libxcb-1.10-4.3 is installed
  • OR libxcb-dri2-0-1.10-4.3 is installed
  • OR libxcb-dri2-0-32bit-1.10-4.3 is installed
  • OR libxcb-dri3-0-1.10-4.3 is installed
  • OR libxcb-dri3-0-32bit-1.10-4.3 is installed
  • OR libxcb-glx0-1.10-4.3 is installed
  • OR libxcb-glx0-32bit-1.10-4.3 is installed
  • OR libxcb-present0-1.10-4.3 is installed
  • OR libxcb-present0-32bit-1.10-4.3 is installed
  • OR libxcb-randr0-1.10-4.3 is installed
  • OR libxcb-render0-1.10-4.3 is installed
  • OR libxcb-render0-32bit-1.10-4.3 is installed
  • OR libxcb-shape0-1.10-4.3 is installed
  • OR libxcb-shm0-1.10-4.3 is installed
  • OR libxcb-shm0-32bit-1.10-4.3 is installed
  • OR libxcb-sync1-1.10-4.3 is installed
  • OR libxcb-sync1-32bit-1.10-4.3 is installed
  • OR libxcb-xf86dri0-1.10-4.3 is installed
  • OR libxcb-xfixes0-1.10-4.3 is installed
  • OR libxcb-xfixes0-32bit-1.10-4.3 is installed
  • OR libxcb-xinerama0-1.10-4.3 is installed
  • OR libxcb-xkb1-1.10-4.3 is installed
  • OR libxcb-xkb1-32bit-1.10-4.3 is installed
  • OR libxcb-xv0-1.10-4.3 is installed
  • OR libxcb1-1.10-4.3 is installed
  • OR libxcb1-32bit-1.10-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libxslt-tools-1.1.28-16 is installed
  • OR libxslt1-1.1.28-16 is installed
  • OR libxslt1-32bit-1.1.28-16 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • curl-7.37.0-37.43 is installed
  • OR libcurl4-7.37.0-37.43 is installed
  • OR libcurl4-32bit-7.37.0-37.43 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Twisted-15.2.1-9.5 is installed