Debian: New libxslt packages fix execution of arbitrary code
Summary
- ------------------------------------------------------------------------Debian Security Advisory DSA-1589-1 security@debian.org http://www.debian.org/security/ Steve Kemp May 28, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : libxslt Vulnerability : buffer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-1767 Debian Bug : 482664 It was discovered that libxslt, an XSLT processing runtime library, could be coerced into executing arbitrary code via a buffer overflow when an XSL style sheet file with a long XSLT "transformation match" condition triggered a large number of steps. For the stable distribution (etch), this problem has been fixed in version 1.1.19-2. For the unstable distribution (sid), this problem has been fixed in version 1.1.24-1. We recommend that you upgrade your libxslt package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - -------------------------------Source archives: Size/MD5 checksum: 2799906 622e5843167593c8ea39bf86c66b8fcf Size/MD5 checksum: 849 27df832e1c58fa0b4ee2fc08ae23eb52 Size/MD5 checksum: 149924 3135ddae6ed99518ca98cb6dd32f9cf5 alpha architecture (DEC Alpha) Size/MD5 checksum: 107220 cb23c0170e99f97ba4a6328b6c15d4e8 Size/MD5 checksum: 131268 264ec9a09e6fd46eb6acb82b6e2e458f Size/MD5 checksum: 690048 6af24b16a70e3eda53cf9b01aeb72abe Size/MD5 checksum: 362862 b0bfc373c7b2b029bdecc32fe3c6b393 Size/MD5 checksum: 230516 c613baf2799aca2b10f704c72d65f6dd amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 131736 bd359cba79ae664919f1d28bb7ee7bb9 Size/MD5 checksum: 630600 9f2ce6f099ad058ddb7756c6bec0ad04 Size/MD5 checksum: 225362 6fad243b75ab8773edac788ae83ff0b2 Size/MD5 checksum: 106520 86122035aa23a3ac883a90f2ad206cb3 Size/MD5 checksum: 360490 43bf746a2e2d510dc2b42bce0ebfe846 arm architecture (ARM) Size/MD5 checksum: 126438 8d9a6a49d04b7b718ea4891090590ebe Size/MD5 checksum: 213174 5a22f4ddde902b9e62b320d595c717e4 Size/MD5 checksum: 106410 fa92dc9b78ddafc576c917dc634850f7 Size/MD5 checksum: 344476 84490df6ef91ef8d59397efd08141adb Size/MD5 checksum: 612866 b755daf391dc131cec3cf5170f7ff3ef hppa architecture (HP PA RISC) Size/MD5 checksum: 132206 246544f21eb977706164148ac110fef4 Size/MD5 checksum: 656512 278e6530497e001b7af16b8c97259640 Size/MD5 checksum: 107496 3c104b63b086ee54e45796cf8f8f5736 Size/MD5 checksum: 238066 ec3a5a9b5ed19d8cea6e207b94960b06 Size/MD5 checksum: 359052 99da4dbb694efd07fec538b0dfba57da i386 architecture (Intel ia32) Size/MD5 checksum: 215768 065db1534d256efaa0bdbed1d5bc2efa Size/MD5 checksum: 106010 d736922f8f98e3655e0d17c47c182911 Size/MD5 checksum: 610254 7d2f1de6b328363d404e0167b2c3d0b2 Size/MD5 checksum: 127542 036211c64911322aad9f5afa3c67a8ce Size/MD5 checksum: 350172 fbd79c2f46affc6a6daea73b95c5fe4c ia64 architecture (Intel ia64) Size/MD5 checksum: 110354 a086d9e71e7152286ff25d6c28d1c188 Size/MD5 checksum: 688004 a39cdbeb7e2bec2db123baf9fb936141 Size/MD5 checksum: 286602 c417da9ebd63d8338401253df1194e01 Size/MD5 checksum: 361472 3643ac55a03571fa185c4e0700298e82 Size/MD5 checksum: 135176 9cdb256571bf9606ed56840a1e88ddb4 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 106622 5f3f9bff564736decdac2c69983211a0 Size/MD5 checksum: 213366 128a0294b6a09059fedb618371ec9d09 Size/MD5 checksum: 650424 55eab53a1978e3e2a7c1f7dbd68fc04c Size/MD5 checksum: 128934 3d52f0f986dd862e8119eabeca944e35 Size/MD5 checksum: 371998 8f2ea540fd91ca75559d8589c8855de7 mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 213564 c405f7eef65b01491758e64551b7977f Size/MD5 checksum: 624640 9d2b59c3820eb9c99671399f967e0f3e Size/MD5 checksum: 363788 09bdf35805a2de68a4d1dfe15c28dcfc Size/MD5 checksum: 106668 2633adeeddc2edc4e36e45a7e4e92c2f Size/MD5 checksum: 128564 c768001b8441118205f9f513af83e485 powerpc architecture (PowerPC) Size/MD5 checksum: 611678 3d3acc7b7be03bd0bb2e31dcadf05720 Size/MD5 checksum: 365012 94f6735cc42e233a67fd46df084120ee Size/MD5 checksum: 108104 bca54d59be466884a5cfde0532a324df Size/MD5 checksum: 222790 12aef46d1088d93375ab824b73702bc2 Size/MD5 checksum: 130124 37bb5353c81ed15374acc7305cc54839 s390 architecture (IBM S/390) Size/MD5 checksum: 106798 0a96df71e63deb7d7124aab48152a5df Size/MD5 checksum: 131712 89e70e2d2fadd7b7ec9268d907a62d29 Size/MD5 checksum: 226596 751b28fafff17f6fcb8b2f4c0df370c0 Size/MD5 checksum: 601572 85051174031d0ff2c22fb87d1ab759c0 Size/MD5 checksum: 357722 661c9551483bf52573e52646aaa13b60 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 106330 e6c23ad0752b3c7c22857c935befb984 Size/MD5 checksum: 129134 e6c3f1402576da329d515d9411f7fd53 Size/MD5 checksum: 217862 2ce2c27d8de0dc78ee4162b9664f7144 Size/MD5 checksum: 598868 0acf342e57619d34685f76b879da8891 Size/MD5 checksum: 335962 947c59cd2f23b55b897ded3b31ccc1a6 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org