Mageia alert MGASA-2013-0107 (libxslt) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0107:
 libxslt-1.1.26-6.20120127.5.mga2 (2/core) 
Date:
    	       Thu, 4 Apr 2013 23:28:13 +0200
Message-ID:
    	       <20130404212813.GA28004@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0107
Date: 	April 4th, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated libxslt packages fix security vulnerability:

Nicholas Gregoire discovered that libxslt incorrectly handled certain
empty values. If a user or automated system were tricked into processing
a specially crafted XSLT document, a remote attacker could cause libxslt
to crash, causing a denial of service (CVE-2012-6139).


Updated Packages:
i586:
libxslt1-1.1.26-6.20120127.5.mga2.i586.rpm
libxslt-devel-1.1.26-6.20120127.5.mga2.i586.rpm
python-libxslt-1.1.26-6.20120127.5.mga2.i586.rpm
xsltproc-1.1.26-6.20120127.5.mga2.i586.rpm
libxslt-debug-1.1.26-6.20120127.5.mga2.i586.rpm

x86_64:
lib64xslt1-1.1.26-6.20120127.5.mga2.x86_64.rpm
lib64xslt-devel-1.1.26-6.20120127.5.mga2.x86_64.rpm
python-libxslt-1.1.26-6.20120127.5.mga2.x86_64.rpm
xsltproc-1.1.26-6.20120127.5.mga2.x86_64.rpm
libxslt-debug-1.1.26-6.20120127.5.mga2.x86_64.rpm

SRPMS:
libxslt-1.1.26-6.20120127.5.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139

http://www.ubuntu.com/usn/usn-1784-1/

https://bugs.mageia.org/show_bug.cgi?id=9592

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)