
Red Hat: 2011:0486-01 Moderate: Xmlsec1 Security Bug Fix Update

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xmlsec1 security and bug fix update
Advisory ID:       RHSA-2011:0486-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2011:0486.html
Issue date:        2011-05-04
CVE Names:         CVE-2011-1425 
====================================================================
1. Summary:

Updated xmlsec1 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The XML Security Library is a C library based on libxml2 and OpenSSL that
implements the XML Digital Signature and XML Encryption standards.

A flaw was found in the way xmlsec1 handled XML files that contain an XSLT
transformation specification. A specially-crafted XML file could cause
xmlsec1 to create or overwrite an arbitrary file while performing the
verification of a file's digital signature. (CVE-2011-1425)

Red Hat would like to thank Nicolas Gr
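
The description above ties the flaw to signed XML that carries an XSLT transformation specification. The following added example (not part of the advisory and not Red Hat's or xmlsec1's code) audits a document for such transforms before it is handed to a verifier. The function names and sample documents are constructed for illustration; the algorithm identifier is the one the XML-DSig specification assigns to the XSLT transform.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Identifier the XML-DSig specification assigns to the XSLT transform.
XSLT_ALGORITHM = "http://www.w3.org/TR/1999/REC-xslt-19991116"
# Signature elements that may carry a ds:Transforms chain.
CARRIERS = ("Reference", "RetrievalMethod")


def find_xslt_transforms(xml_text):
    """Return (carrier element, URI attribute) for each XSLT transform found."""
    root = ET.fromstring(xml_text)
    hits = []
    for name in CARRIERS:
        for carrier in root.iter(f"{{{DSIG}}}{name}"):
            for transform in carrier.iter(f"{{{DSIG}}}Transform"):
                if transform.get("Algorithm") == XSLT_ALGORITHM:
                    hits.append((name, carrier.get("URI", "")))
    return hits


def needs_review(xml_text):
    """True when the document asks the verifier to run XSLT."""
    return bool(find_xslt_transforms(xml_text))


# Constructed sample documents (hypothetical; digest and signature values omitted).
_TEMPLATE = """<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#payload"><ds:Transforms>@T@</ds:Transforms></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <payload Id="payload">constructed</payload>
</doc>"""

CLEAN_DOC = _TEMPLATE.replace(
    "@T@",
    '<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>',
)
# The embedded stylesheet is deliberately empty; only its presence matters here.
XSLT_DOC = _TEMPLATE.replace(
    "@T@",
    '<ds:Transform Algorithm="' + XSLT_ALGORITHM + '">'
    '<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"/>'
    "</ds:Transform>",
)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOC), ("xslt", XSLT_DOC)):
        print(label, find_xslt_transforms(doc))
```

A hit means only that the signature requests XSLT processing, which is the condition the advisory names; it does not by itself show that the stylesheet is harmful.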

Cautionary update for xmlsec1 package addresses vulnerabilities on Red Hat Enterprise Linux 4 and 5 platforms.


