libxslt: denial of service [LWN.net]

Package(s):

libxslt

CVE #(s):

CVE-2012-2870 CVE-2012-2871

Created:

September 14, 2012

Updated:

October 4, 2012

Description:

From the Red Hat advisory:

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. (CVE-2012-2870)

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. (CVE-2012-2871)

Alerts:

Red Hat	RHSA-2012:1265-01	2012-09-13
CentOS	CESA-2012:1265	2012-09-13
CentOS	CESA-2012:1265	2012-09-13
Oracle	ELSA-2012-1265	2012-09-14
Oracle	ELSA-2012-1265	2012-09-14
Scientific Linux	SL-libx-20120914	2012-09-14
Mageia	MGASA-2012-0272	2012-09-15
Mageia	MGASA-2012-0271	2012-09-15
openSUSE	openSUSE-SU-2012:1215-1	2012-09-19
Fedora	FEDORA-2012-14083	2012-09-26
Fedora	FEDORA-2012-14048	2012-09-27
Ubuntu	USN-1595-1	2012-10-04
Debian	DSA-2555-1	2012-10-05
Mandriva	MDVSA-2012:164	2012-10-11
Mandriva	MDVSA-2013:047	2013-04-05

(Log in to post comments)