| |||||||||||||||||||
Ubuntu alert USN-1595-1 (libxslt)
========================================================================== Ubuntu Security Notice USN-1595-1 October 04, 2012 libxslt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file. Software Description: - libxslt: XSLT processing library Details: Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202) It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2011-3970) Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2825) Nicholas Gregoire discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2870) Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2871) Cris Neckar discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2893) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libxslt1.1 1.1.26-8ubuntu1.2 Ubuntu 11.10: libxslt1.1 1.1.26-7ubuntu0.1 Ubuntu 11.04: libxslt1.1 1.1.26-6ubuntu0.1 Ubuntu 10.04 LTS: libxslt1.1 1.1.26-1ubuntu1.1 Ubuntu 8.04 LTS: libxslt1.1 1.1.22-1ubuntu1.3 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1595-1 CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893 Package Information: https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubun... https://launchpad.net/ubuntu/+source/libxslt/1.1.26-7ubun... https://launchpad.net/ubuntu/+source/libxslt/1.1.26-6ubun... https://launchpad.net/ubuntu/+source/libxslt/1.1.26-1ubun... https://launchpad.net/ubuntu/+source/libxslt/1.1.22-1ubun... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|||||||||||||||||||