ArchLinux: 201601-8: libxslt: denial of service
Summary
A type confusion vulnerability was discovered in the xsltStylePreCompute() function of libxslt. A remote attacker could possibly exploit this flaw to cause an application using libxslt to crash by tricking the application into processing a specially crafted XSLT document.
Resolution
Upgrade to 1.1.28-4.
# pacman -Syu "libxslt>=1.1.28-4"
The problem has been fixed upstream but no release is available yet.
References
https://access.redhat.com/security/cve/CVE-2015-7995
https://gitlab.gnome.org/GNOME/libxslt/-/commit/7ca19df89
https://bugzilla.redhat.com/show_bug.cgi?id=1257962
https://bugs.archlinux.org/task/47681
Workaround
None.