Security update for libxslt
SUSE Security Update: Security update for libxslt
Announcement ID: SUSE-SU-2013:1654-1
Rating: moderate
References: #746039 #769182 #811686 #849019
Affected Products:
An update that solves three vulnerabilities and has one errata is now available.
Description:
This LTSS roll-up security update for libxslt fixes several security issues:
* CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (Addendum due to an incomplete fix for CVE-2012-2825.)
* CVE-2012-6139: libxslt allowed remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) an uninitialized variable to the xsltDocumentFunction function in functions.c.
* CVE-2012-2825: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
* CVE-2011-3970: libxslt allowed remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Security Issue references:
* CVE-2012-6139
* CVE-2012-2825
* CVE-2011-3970
Package List:
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
  - libxslt-1.1.15-15.22.1
  - libxslt-devel-1.1.15-15.22.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
  - libxslt-32bit-1.1.15-15.22.1
  - libxslt-devel-32bit-1.1.15-15.22.1
References:
- http://support.novell.com/security/cve/CVE-2011-3970.html
- http://support.novell.com/security/cve/CVE-2012-2825.html
- http://support.novell.com/security/cve/CVE-2012-6139.html
- https://bugzilla.novell.com/746039
- https://bugzilla.novell.com/769182
- https://bugzilla.novell.com/811686
- https://bugzilla.novell.com/849019
- http://download.suse.com/patch/finder/?keywords=8f27549488997eeff15597ab0b7a9c1a