Package name
libxslt
Date
2012-10-11
Advisory ID
MDVSA-2012:164
Affected versions
MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in libxslt:

Unspecified vulnerability in XSLT allows remote attackers to obtain
potentially sensitive information about heap memory addresses via
unknown vectors (CVE-2011-1202).

libxslt 1.1.26 and earlier does not properly manage memory, which might
allow remote attackers to cause a denial of service (application crash)
via a crafted XSLT expression that is not properly identified during
XPath navigation, related to (1) the xsltCompileLocationPathPattern
function in libxslt/pattern.c and (2) the xsltGenerateIdFunction
function in libxslt/functions.c (CVE-2012-2870).

libxml2 2.9.0-rc1 and earlier does not properly support a cast of
an unspecified variable during handling of XSL transforms, which
allows remote attackers to cause a denial of service or possibly have
unknown other impact via a crafted document, related to the _xmlNs
data structure in include/libxml/tree.h (CVE-2012-2871).

Double free vulnerability in libxslt allows remote attackers to cause
a denial of service or possibly have unspecified other impact via
vectors related to XSL transforms (CVE-2012-2893).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 f826a7ddc953e8f7b7b40deb76912e20  mes5/i586/libxslt1-1.1.24-3.3mdvmes5.2.i586.rpm
 b8e76d09360e0909f5da8f579b104aef  mes5/i586/libxslt-devel-1.1.24-3.3mdvmes5.2.i586.rpm
 ee7c9b7d2f31a60a5e9f56609dfeaa74  mes5/i586/libxslt-proc-1.1.24-3.3mdvmes5.2.i586.rpm
 8c185d22c7d001a80626b3889d8fd3ab  mes5/i586/python-libxslt-1.1.24-3.3mdvmes5.2.i586.rpm 
 7e2de920a497470f4375dd3678722bc3  mes5/SRPMS/libxslt-1.1.24-3.3mdvmes5.2.src.rpm

2011 i586

 8d19c2f47f598929504906b5728f1908  2011/i586/libxslt1-1.1.26-4.3-mdv2011.0.i586.rpm
 a440039df83de1791527376cd6fc944c  2011/i586/libxslt-devel-1.1.26-4.3-mdv2011.0.i586.rpm
 c27dd1ea12e33f1657fa69347570e9ba  2011/i586/python-libxslt-1.1.26-4.3-mdv2011.0.i586.rpm
 5d5d239e22221799fde1303bc1e8ff4f  2011/i586/xsltproc-1.1.26-4.3-mdv2011.0.i586.rpm 
 800ca7cd52aa4b3aee9766c48e31fab4  2011/SRPMS/libxslt-1.1.26-4.3.src.rpm

MES5 x86_64

 016b471e89084c406ea67ed0291e4f14  mes5/x86_64/lib64xslt1-1.1.24-3.3mdvmes5.2.x86_64.rpm
 085944e218fa19c482907f36cb4039be  mes5/x86_64/lib64xslt-devel-1.1.24-3.3mdvmes5.2.x86_64.rpm
 814524bab2901c4b62c575eabcb9b894  mes5/x86_64/libxslt-proc-1.1.24-3.3mdvmes5.2.x86_64.rpm
 18e50a556417c1541dcbab2b4650d5c0  mes5/x86_64/python-libxslt-1.1.24-3.3mdvmes5.2.x86_64.rpm 
 7e2de920a497470f4375dd3678722bc3  mes5/SRPMS/libxslt-1.1.24-3.3mdvmes5.2.src.rpm

2011 x86_64

 562107ae8fe225d597f81425b36eb6bd  2011/x86_64/lib64xslt1-1.1.26-4.3-mdv2011.0.x86_64.rpm
 acc201d0f7a56fd57f17155930bd4d58  2011/x86_64/lib64xslt-devel-1.1.26-4.3-mdv2011.0.x86_64.rpm
 e621295e171eb959a43bf0b612800ac2  2011/x86_64/python-libxslt-1.1.26-4.3-mdv2011.0.x86_64.rpm
 c579ae813ba11c3cd5d1c0f4cce0501f  2011/x86_64/xsltproc-1.1.26-4.3-mdv2011.0.x86_64.rpm 
 800ca7cd52aa4b3aee9766c48e31fab4  2011/SRPMS/libxslt-1.1.26-4.3.src.rpm

References