Debian: New libxslt packages fix execution of arbitrary code
Debian: New libxslt packages fix execution of arbitrary code
It was discovered that libxslt, an XSLT processing runtime library,
could be coerced into executing arbitrary code via a buffer overflow
when an XSL style sheet file with a long XSLT "transformation match"
condition triggered a large number of steps.
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1589-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Steve Kemp May 28, 2008 https://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libxslt Vulnerability : buffer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-1767 Debian Bug : 482664 It was discovered that libxslt, an XSLT processing runtime library, could be coerced into executing arbitrary code via a buffer overflow when an XSL style sheet file with a long XSLT "transformation match" condition triggered a large number of steps. For the stable distribution (etch), this problem has been fixed in version 1.1.19-2. For the unstable distribution (sid), this problem has been fixed in version 1.1.24-1. We recommend that you upgrade your libxslt package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: https://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz Size/MD5 checksum: 2799906 622e5843167593c8ea39bf86c66b8fcf https://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.dsc Size/MD5 checksum: 849 27df832e1c58fa0b4ee2fc08ae23eb52 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.diff.gz Size/MD5 checksum: 149924 3135ddae6ed99518ca98cb6dd32f9cf5 alpha architecture (DEC Alpha) https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_alpha.deb Size/MD5 checksum: 107220 cb23c0170e99f97ba4a6328b6c15d4e8 https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_alpha.deb Size/MD5 checksum: 131268 264ec9a09e6fd46eb6acb82b6e2e458f https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_alpha.deb Size/MD5 checksum: 690048 6af24b16a70e3eda53cf9b01aeb72abe https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_alpha.deb Size/MD5 checksum: 362862 b0bfc373c7b2b029bdecc32fe3c6b393 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_alpha.deb Size/MD5 checksum: 230516 c613baf2799aca2b10f704c72d65f6dd amd64 architecture (AMD x86_64 (AMD64)) https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_amd64.deb Size/MD5 checksum: 131736 bd359cba79ae664919f1d28bb7ee7bb9 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_amd64.deb Size/MD5 checksum: 630600 9f2ce6f099ad058ddb7756c6bec0ad04 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_amd64.deb Size/MD5 checksum: 225362 6fad243b75ab8773edac788ae83ff0b2 https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_amd64.deb Size/MD5 checksum: 106520 86122035aa23a3ac883a90f2ad206cb3 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_amd64.deb Size/MD5 checksum: 360490 43bf746a2e2d510dc2b42bce0ebfe846 arm architecture (ARM) https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_arm.deb Size/MD5 checksum: 126438 8d9a6a49d04b7b718ea4891090590ebe https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_arm.deb Size/MD5 checksum: 213174 5a22f4ddde902b9e62b320d595c717e4 https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_arm.deb Size/MD5 checksum: 106410 fa92dc9b78ddafc576c917dc634850f7 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_arm.deb Size/MD5 checksum: 344476 84490df6ef91ef8d59397efd08141adb https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_arm.deb Size/MD5 checksum: 612866 b755daf391dc131cec3cf5170f7ff3ef hppa architecture (HP PA RISC) https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_hppa.deb Size/MD5 checksum: 132206 246544f21eb977706164148ac110fef4 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_hppa.deb Size/MD5 checksum: 656512 278e6530497e001b7af16b8c97259640 https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_hppa.deb Size/MD5 checksum: 107496 3c104b63b086ee54e45796cf8f8f5736 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_hppa.deb Size/MD5 checksum: 238066 ec3a5a9b5ed19d8cea6e207b94960b06 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_hppa.deb Size/MD5 checksum: 359052 99da4dbb694efd07fec538b0dfba57da i386 architecture (Intel ia32) https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_i386.deb Size/MD5 checksum: 215768 065db1534d256efaa0bdbed1d5bc2efa https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_i386.deb Size/MD5 checksum: 106010 d736922f8f98e3655e0d17c47c182911 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_i386.deb Size/MD5 checksum: 610254 7d2f1de6b328363d404e0167b2c3d0b2 https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_i386.deb Size/MD5 checksum: 127542 036211c64911322aad9f5afa3c67a8ce https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_i386.deb Size/MD5 checksum: 350172 fbd79c2f46affc6a6daea73b95c5fe4c ia64 architecture (Intel ia64) https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_ia64.deb Size/MD5 checksum: 110354 a086d9e71e7152286ff25d6c28d1c188 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_ia64.deb Size/MD5 checksum: 688004 a39cdbeb7e2bec2db123baf9fb936141 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_ia64.deb Size/MD5 checksum: 286602 c417da9ebd63d8338401253df1194e01 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_ia64.deb Size/MD5 checksum: 361472 3643ac55a03571fa185c4e0700298e82 https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_ia64.deb Size/MD5 checksum: 135176 9cdb256571bf9606ed56840a1e88ddb4 mips architecture (MIPS (Big Endian)) https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mips.deb Size/MD5 checksum: 106622 5f3f9bff564736decdac2c69983211a0 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mips.deb Size/MD5 checksum: 213366 128a0294b6a09059fedb618371ec9d09 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mips.deb Size/MD5 checksum: 650424 55eab53a1978e3e2a7c1f7dbd68fc04c https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mips.deb Size/MD5 checksum: 128934 3d52f0f986dd862e8119eabeca944e35 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mips.deb Size/MD5 checksum: 371998 8f2ea540fd91ca75559d8589c8855de7 mipsel architecture (MIPS (Little Endian)) https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mipsel.deb Size/MD5 checksum: 213564 c405f7eef65b01491758e64551b7977f https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mipsel.deb Size/MD5 checksum: 624640 9d2b59c3820eb9c99671399f967e0f3e https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mipsel.deb Size/MD5 checksum: 363788 09bdf35805a2de68a4d1dfe15c28dcfc https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mipsel.deb Size/MD5 checksum: 106668 2633adeeddc2edc4e36e45a7e4e92c2f https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mipsel.deb Size/MD5 checksum: 128564 c768001b8441118205f9f513af83e485 powerpc architecture (PowerPC) https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_powerpc.deb Size/MD5 checksum: 611678 3d3acc7b7be03bd0bb2e31dcadf05720 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_powerpc.deb Size/MD5 checksum: 365012 94f6735cc42e233a67fd46df084120ee https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_powerpc.deb Size/MD5 checksum: 108104 bca54d59be466884a5cfde0532a324df https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_powerpc.deb Size/MD5 checksum: 222790 12aef46d1088d93375ab824b73702bc2 https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_powerpc.deb Size/MD5 checksum: 130124 37bb5353c81ed15374acc7305cc54839 s390 architecture (IBM S/390) https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_s390.deb Size/MD5 checksum: 106798 0a96df71e63deb7d7124aab48152a5df https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_s390.deb Size/MD5 checksum: 131712 89e70e2d2fadd7b7ec9268d907a62d29 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_s390.deb Size/MD5 checksum: 226596 751b28fafff17f6fcb8b2f4c0df370c0 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_s390.deb Size/MD5 checksum: 601572 85051174031d0ff2c22fb87d1ab759c0 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_s390.deb Size/MD5 checksum: 357722 661c9551483bf52573e52646aaa13b60 sparc architecture (Sun SPARC/UltraSPARC) https://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_sparc.deb Size/MD5 checksum: 106330 e6c23ad0752b3c7c22857c935befb984 https://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_sparc.deb Size/MD5 checksum: 129134 e6c3f1402576da329d515d9411f7fd53 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_sparc.deb Size/MD5 checksum: 217862 2ce2c27d8de0dc78ee4162b9664f7144 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_sparc.deb Size/MD5 checksum: 598868 0acf342e57619d34685f76b879da8891 https://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_sparc.deb Size/MD5 checksum: 335962 947c59cd2f23b55b897ded3b31ccc1a6 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.