Paketname
libxslt
Datum
2014-01-16
Advisory ID
MDVSA-2014:006
Betroffene Versionen
MES5 i586 , MES5 x86_64

Problembeschreibung

A vulnerability has been discovered and corrected in ejabberd:

xslt.c in libxslt before 1.1.25 allows context-dependent attackers
to cause a denial of service (crash) via a stylesheet that embeds a
DTD, which causes a structure to be accessed as a different type.
NOTE: this issue is due to an incomplete fix for CVE-2012-2825
(CVE-2013-4520).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

MES5 i586

 407874c5ea7e392c07649a0e0e632923  mes5/i586/libxslt1-1.1.24-3.5mdvmes5.2.i586.rpm
 b63b9d0072a25cad9cad2bd0bbc4c9f2  mes5/i586/libxslt-devel-1.1.24-3.5mdvmes5.2.i586.rpm
 679a497180b32d567486dc5162c6d7ad  mes5/i586/libxslt-proc-1.1.24-3.5mdvmes5.2.i586.rpm
 99f52b6ed31f93b65cb4cd77827f42f0  mes5/i586/python-libxslt-1.1.24-3.5mdvmes5.2.i586.rpm 
 6dafabb779ced6b46a4ce854a0120459  mes5/SRPMS/libxslt-1.1.24-3.5mdvmes5.2.src.rpm

MES5 x86_64

 34d7d6f66394059ab207f165098d0e61  mes5/x86_64/lib64xslt1-1.1.24-3.5mdvmes5.2.x86_64.rpm
 101e3ff312bf499c7aa5e7656060c04b  mes5/x86_64/lib64xslt-devel-1.1.24-3.5mdvmes5.2.x86_64.rpm
 9d70abdc2ee7a25177a0e9138e723c7f  mes5/x86_64/libxslt-proc-1.1.24-3.5mdvmes5.2.x86_64.rpm
 928ebd9d861a145055786949d71ee0f9  mes5/x86_64/python-libxslt-1.1.24-3.5mdvmes5.2.x86_64.rpm 
 6dafabb779ced6b46a4ce854a0120459  mes5/SRPMS/libxslt-1.1.24-3.5mdvmes5.2.src.rpm

Referenzen