xmlsec1: remote overwrite of arbitrary files
| Package(s): | xmlsec1 |
CVE #(s): | CVE-2011-1425
|
| Created: | April 4, 2011 |
Updated: | May 5, 2011 |
| Description: |
From the Mandriva advisory:
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as
used in WebKit and other products, when XSLT is enabled, allows
remote attackers to create or overwrite arbitrary files via vectors
involving the libxslt output extension and a ds:Transform element
during signature verification. |
| Alerts: |
| Gentoo |
201412-09 |
racer-bin, fmod, PEAR-Mail, lvm2, gnucash, xine-lib, lastfmplayer, webkit-gtk, shadow, PEAR-PEAR, unixODBC, resource-agents, mrouted, rsync, xmlsec, xrdb, vino, oprofile, syslog-ng, sflowtool, gdm, libsoup, ca-certificates, gitolite, qt-creator |
2014-12-11 |
| Debian |
DSA-2219-1 |
xmlsec1 |
2011-04-18 |
| Mandriva |
MDVSA-2011:063 |
xmlsec1 |
2011-04-04 |
| CentOS |
CESA-2011:0486 |
xmlsec1 |
2011-05-05 |
| CentOS |
CESA-2011:0486 |
xmlsec1 |
2011-05-05 |
| Red Hat |
RHSA-2011:0486-01 |
xmlsec1 |
2011-05-04 |
| Pardus |
2011-73 |
xmlsec |
2011-05-03 |
|
