Mageia 2019-0313: libxslt security update

    Date02 Nov 2019
    CategoryMageia
    412
    Posted ByLinuxSecurity Advisories
    Updated libxslt package fixes security vulnerabilities: * In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains
    MGASA-2019-0313 - Updated libxslt packages fix security vulnerabilities
    
    Publication date: 02 Nov 2019
    URL: https://advisories.mageia.org/MGASA-2019-0313.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-13117,
         CVE-2019-13118,
         CVE-2019-18197
    
    Updated libxslt package fixes security vulnerabilities:
    
    * In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings
      could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This
      could allow an attacker to discern whether a byte on the stack contains
      the characters A, a, I, i, or 0, or any other character (CVE-2019-13117).
    
    * In numbers.c in libxslt 1.1.33, a type holding grouping characters of an
      xsl:number instruction was too narrow and an invalid character/length
      combination could be passed to xsltNumberFormatDecimal, leading to a read
      of uninitialized stack data (CVE-2019-13118).
    
    * In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't
      reset under certain circumstances. If the relevant memory area happened to
      be freed and reused in a certain way, a bounds check could fail and memory
      outside a buffer could be written to, or uninitialized data could be
      disclosed (CVE-2019-18197).
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25643
    - https://usn.ubuntu.com/4164-1/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
    
    SRPMS:
    - 7/core/libxslt-1.1.33-2.1.mga7
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"66","type":"x","order":"1","pct":57.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.04,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.57,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.