Debian: 2020-0308 Severe: openldap Directory Traversal Vulnerability

mageia

May 18, 2019

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code

Summary

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded (CVE-2019-11068).

References

- https://bugs.mageia.org/show_bug.cgi?id=24705

- https://ubuntu.com/security/notices/USN-3947-1

- https://www.cve.org/CVERecord?id=CVE-2019-11068

Topics Covered

security advisory access control libxslt protection bypass malicious access mageia

Resolution

SRPMS

- 6/core/libxslt-1.1.29-6.1.mga6

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 18 May 2019

URL: https://advisories.mageia.org/MGASA-2019-0175.html

Type: security

CVE: CVE-2019-11068

Topics Covered

security advisory access control libxslt protection bypass malicious access mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks