Debian LTS: DLA-1860-1: libxslt security update

    Date: 22 Jul 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    
    Package        : libxslt
    Version        : 1.1.28-2+deb8u5
    CVE ID         : CVE-2016-4609 CVE-2016-4610 CVE-2019-13117
                     CVE-2019-13118
    Debian Bug     : 932321 932320
    
    Several vulnerabilities were found in libxslt, the XSLT 1.0 processing
    library.
    
    CVE-2016-4610
    
        Invalid memory access leading to DoS at exsltDynMapFunction. libxslt
        allows remote attackers to cause a denial of service (memory
        corruption) or possibly have unspecified other impact via unknown
        vectors.
    
    CVE-2016-4609
    
        Out-of-bounds read at xmlGetLineNoInternal().
        libxslt allows remote attackers to cause a denial of service (memory
        corruption) or possibly have unspecified other impact via unknown
        vectors.
    
    CVE-2019-13117
    
        An xsl:number with certain format strings could lead to an
        uninitialized read in xsltNumberFormatInsertNumbers. This could
        allow an attacker to discern whether a byte on the stack contains
        the characters A, a, I, i, or 0, or any other character.
    
    CVE-2019-13118
    
        A type holding grouping characters of an xsl:number instruction was
        too narrow and an invalid character/length combination could be
        passed to xsltNumberFormatDecimal, leading to a read of
        uninitialized stack data.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.1.28-2+deb8u5.
    
    We recommend that you upgrade your libxslt packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    