Ubuntu Security Update: USN-1234-1 Medium Severity for libxslt DoS Risk
Jan 13, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package libxslt before version 1.1.28-4 is vulnerable to denial of service.
Arch Linux Security Advisory ASA-201601-8 ======================================== Severity: Medium Date : 2016-01-13 CVE-ID : CVE-2015-7995 Package : libxslt Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package libxslt before version 1.1.28-4 is vulnerable to denial of service. Resolution ========= Upgrade to 1.1.28-4. # pacman -Syu "libxslt>=1.1.28-4" The problem has been fixed upstream but no release is available yet. Workaround ========= None. Description ========== A type confusion vulnerability was discovered in the xsltStylePreCompute() function of libxslt. A remote attacker could possibly exploit this flaw to cause an application using libxslt to crash by tricking the application into processing a specially crafted XSLT document. Impact ===== A remote attacker is able to create a specially crafted XSLT document that, when processed, is leading to an application crash resulting in denial of service. References ========= https://access.redhat.com/security/cve/CVE-2015-7995 https://bugzilla.redhat.com/show_bug.cgi?id=1257962 https://bugs.archlinux.org/task/47681
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!