Package name: libxslt
Date: 2013-04-05
Advisory ID: MDVSA-2013:047
Affected versions: MBS1 x86_64

Problem description

A vulnerability has been discovered and corrected in libxslt:

The XSL implementation in libxslt allows remote attackers to cause a
denial of service (incorrect read operation) via unspecified vectors
(CVE-2012-2825).

libxslt 1.1.26 and earlier does not properly manage memory, which might
allow remote attackers to cause a denial of service (application crash)
via a crafted XSLT expression that is not properly identified during
XPath navigation, related to (1) the xsltCompileLocationPathPattern
function in libxslt/pattern.c and (2) the xsltGenerateIdFunction
function in libxslt/functions.c (CVE-2012-2870).

libxml2 2.9.0-rc1 and earlier does not properly support a cast of
an unspecified variable during handling of XSL transforms, which
allows remote attackers to cause a denial of service or possibly have
unknown other impact via a crafted document, related to the _xmlNs
data structure in include/libxml/tree.h (CVE-2012-2871).

Double free vulnerability in libxslt allows remote attackers to cause
a denial of service or possibly have unspecified other impact via
vectors related to XSL transforms (CVE-2012-2893).

The updated packages have been patched to correct these issues.

Updated packages

MBS1 x86_64

 6dd46f422fb2826ec50a583deff25ea2  mbs1/x86_64/lib64xslt1-1.1.26-6.20120127.2.mbs1.x86_64.rpm
 97dbebeb234859c9fb70b42221d0e01c  mbs1/x86_64/lib64xslt-devel-1.1.26-6.20120127.2.mbs1.x86_64.rpm
 d89b5da4a9297a89975734dd7642200b  mbs1/x86_64/python-libxslt-1.1.26-6.20120127.2.mbs1.x86_64.rpm
 9f73eb409a80608836f86a2c3e2d3be9  mbs1/x86_64/xsltproc-1.1.26-6.20120127.2.mbs1.x86_64.rpm 
 95136df2e944a787dc25d07a364f2729  mbs1/SRPMS/libxslt-1.1.26-6.20120127.2.mbs1.src.rpm

References