ArchLinux: 201703-5: libxslt: arbitrary code execution
Summary
An integer overflow issue has been found in libxslt, leading to an out of bounds write on 64-bit systems.
Resolution
Upgrade to 1.1.29+41+gdf5330d1-1.
# pacman -Syu "libxslt>=1.1.29+41+gdf5330d1-1"
The problem has been fixed upstream but no release is available yet.
References
https://bugs.archlinux.org/task/53257 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://gitlab.gnome.org/GNOME/libxslt/-/commit/08ab2774b870de1c7b5a48693df75e8154addae5 https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2017-5029
Workaround
None.