Debian: New libxslt packages fix arbitrary code execution
July 31, 2008
Chris Evans discovered that a buffer overflow in the RC4 functions of
libexslt may lead to the execution of arbitrary code.
Summary
Severity
- ------------------------------------------------------------------------Debian Security Advisory DSA-1624-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 31, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package : libxslt
Vulnerability : buffer overflows
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2935
Chris Evans discovered that a buffer overflow in the RC4 functions of
libexslt may lead to the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 1.1.19-3.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your libxslt packages.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 2799906 622e5843167593c8ea39bf86c66b8fcf
Size/MD5 checksum: 149686 b62a7dd0aa648576a266cd20d634c216
Size/MD5 checksum: 849 7d98fdda0079574b360d4a6e2a12e2be
alpha architecture (DEC Alpha)
Size/MD5 checksum: 107264 4aac707640a9fcf9aabcd42336b38be3
Size/MD5 checksum: 365058 0e966c67dfbc374141960789fcbe96ab
Size/MD5 checksum: 690408 a431dcc2f32428677e7b737b971e0f9e
Size/MD5 checksum: 230788 55d88a4f39eeccf4a21cd2b335c35ae5
Size/MD5 checksum: 131312 ce983f9b6de55027f803e39d1dda2a25
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 362484 c91d2d5458f6de4002b4401f5675b742
Size/MD5 checksum: 225658 6d4a52da7c2ca5a4280b06bdf03875e0
Size/MD5 checksum: 630884 06616b7e52d2fc80530302c7d3acd540
Size/MD5 checksum: 106562 7782d3653528b848ce1d98455f790196
Size/MD5 checksum: 131782 8e9ed3c7418725e1853ae5ccbd082c9b
arm architecture (ARM)
Size/MD5 checksum: 106452 9ef81b83e04979147310ec62d2682550
Size/MD5 checksum: 346610 29566f2276ff440e778dac5fb667f346
Size/MD5 checksum: 613436 a9a4ebc76beb7ca67f9a7e92e8029ca7
Size/MD5 checksum: 213438 2c16e6911e26b8fb360aabd16281c0f6
Size/MD5 checksum: 126468 b97c69ae48a06fd09a41fadc7c00366c
hppa architecture (HP PA RISC)
Size/MD5 checksum: 659318 c0f64453ca8cb8dbe9f3970cf157b3ab
Size/MD5 checksum: 238420 a7c8f14314bdb82fc51ec1578f4efad3
Size/MD5 checksum: 107274 3fc49ac897c34e339b3f496700bdfd5e
Size/MD5 checksum: 132222 3f4dc4e5f1162e819bc534c610fad3dc
Size/MD5 checksum: 360748 a8c4ae1c8f2e8c348c852a0931f762c5
i386 architecture (Intel ia32)
Size/MD5 checksum: 105974 ea524e8b733c0aa52b797692ee2619b6
Size/MD5 checksum: 216014 27edcf6172b7d9b5b304bf2265ce6e48
Size/MD5 checksum: 128718 3bb1df547e3b5312a382bda417a23bc6
Size/MD5 checksum: 352132 a7707c2b2a1014f61b79383d639c734f
Size/MD5 checksum: 589190 ea9dbf9647d07f026c6b1fd40c0a2546
ia64 architecture (Intel ia64)
Size/MD5 checksum: 364096 277f76958053137cd94f84d3543bfd75
Size/MD5 checksum: 110406 2636a094ea4494abb2d972c6a7911689
Size/MD5 checksum: 688406 f8a2642f68f1afb6c2fe980acaef4db5
Size/MD5 checksum: 135214 69e26e4d34a753112f8b4101f7c39812
Size/MD5 checksum: 286960 5e0ade1cf276e946cfd1a7f12160c7a0
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 650964 68b73cf1d94f9e3df9bb5673270a3e4d
Size/MD5 checksum: 128984 334fcd884357833ef1ba40e9753d856b
Size/MD5 checksum: 106670 d93d383465f3c7943c82dcd65d1ac560
Size/MD5 checksum: 213704 9f9fce502a07f2466b39ff4bf7ef58b0
Size/MD5 checksum: 374008 12305da936211d86b13a7c98090391cb
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 625304 53e74fce7300247478e318878b06a863
Size/MD5 checksum: 365834 48789b75049ec966939982fafa7fa83e
Size/MD5 checksum: 106716 d99ec4062b95d872f66a4a68cbd4bb60
Size/MD5 checksum: 128606 3ec247d95450b7091ffef7df0adad247
Size/MD5 checksum: 213946 5ebc6eb3e75d70a0c093b2e9d65884d7
powerpc architecture (PowerPC)
Size/MD5 checksum: 223150 195bcb8c18c3024d4dbf15ad06d3d96c
Size/MD5 checksum: 108146 332071c2aabb087b7ee3e6a12e6d2633
Size/MD5 checksum: 130170 1f2348ff3cb769eb72bb5a941afc1124
Size/MD5 checksum: 612084 76ca146446c6470fab227e5cf4b91445
Size/MD5 checksum: 367182 ec6a577956bedc887267bc6185abcedd
s390 architecture (IBM S/390)
Size/MD5 checksum: 601870 11a81ef5cf32bb11102b43b62c1d1371
Size/MD5 checksum: 106834 f3ed9fc6410f2f78de38348736116eee
Size/MD5 checksum: 131760 1d7705741271ea0227cdf15eae46f846
Size/MD5 checksum: 226842 7700a4e49d319d5726074de70ff9a68f
Size/MD5 checksum: 359430 f11c56a8baaa1bd61ef074324aea9068
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 599292 568ee2c44a15e4d5b1d27abb5f3f80ad
Size/MD5 checksum: 218166 953db53eba1934c6279875e4ff8b6834
Size/MD5 checksum: 106372 c9eae6bbdde15ada4613922ab216c6ed
Size/MD5 checksum: 129172 8a97bb6cd74fe353383be290ea14298b
Size/MD5 checksum: 337986 2f869f832a7ecdcb7a6ae50b12d0e916
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
