SUSE-SU-2013:1654-1: moderate: Security update for libxslt
sle-security-updates at lists.suse.com
Mon Nov 11 12:04:12 MST 2013
SUSE Security Update: Security update for libxslt
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1654-1
Rating: moderate
References: #746039 #769182 #811686 #849019
Cross-References: CVE-2011-3970 CVE-2012-2825 CVE-2012-6139
Affected Products:
SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________
An update that solves three vulnerabilities and has one
erratum is now available.
Description:
This LTSS roll-up security update for libxslt fixes
several security issues:
* CVE-2013-4520: The XSL implementation in libxslt
  allowed remote attackers to cause a denial of service
  (crash) via an invalid DTD. (Addendum due to an incomplete
  fix for CVE-2012-2825.)
* CVE-2012-6139: libxslt allowed remote attackers to
  cause a denial of service (NULL pointer dereference and
  crash) via (1) an empty match attribute in an XSL key to
  the xsltAddKey function in keys.c or (2) an uninitialized
  variable to the xsltDocumentFunction function in
  functions.c.
* CVE-2012-2825: The XSL implementation in libxslt
  allowed remote attackers to cause a denial of service
  (incorrect read operation) via unspecified vectors.
* CVE-2011-3970: libxslt allowed remote attackers to
  cause a denial of service (out-of-bounds read) via
  unspecified vectors.
Security Issue references:
* CVE-2012-6139
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139>
* CVE-2012-2825
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825>
* CVE-2011-3970
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970>
Package List:
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
libxslt-1.1.15-15.22.1
libxslt-devel-1.1.15-15.22.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
libxslt-32bit-1.1.15-15.22.1
libxslt-devel-32bit-1.1.15-15.22.1
References:
http://support.novell.com/security/cve/CVE-2011-3970.html
http://support.novell.com/security/cve/CVE-2012-2825.html
http://support.novell.com/security/cve/CVE-2012-6139.html
https://bugzilla.novell.com/746039
https://bugzilla.novell.com/769182
https://bugzilla.novell.com/811686
https://bugzilla.novell.com/849019
http://download.novell.com/patch/finder/?keywords=8f27549488997eeff15597ab0b7a9c1a