- Nom du paquet
- Advisory ID
- Affected versions
- MBS1 x86_64
A vulnerability has been discovered and corrected in libxslt:
The XSL implementation in libxslt allows remote attackers to cause a
denial of service (incorrect read operation) via unspecified vectors
libxslt 1.1.26 and earlier does not properly manage memory, which might
allow remote attackers to cause a denial of service (application crash)
via a crafted XSLT expression that is not properly identified during
XPath navigation, related to (1) the xsltCompileLocationPathPattern
function in libxslt/pattern.c and (2) the xsltGenerateIdFunction
function in libxslt/functions.c (CVE-2012-2870).
libxml2 2.9.0-rc1 and earlier does not properly support a cast of
an unspecified variable during handling of XSL transforms, which
allows remote attackers to cause a denial of service or possibly have
unknown other impact via a crafted document, related to the _xmlNs
data structure in include/libxml/tree.h (CVE-2012-2871).
Double free vulnerability in libxslt allows remote attackers to cause
a denial of service or possibly have unspecified other impact via
vectors related to XSL transforms (CVE-2012-2893).
The updated packages have been patched to correct these issues.
6dd46f422fb2826ec50a583deff25ea2 mbs1/x86_64/lib64xslt1-1.1.26-6.20120127.2.mbs1.x86_64.rpm 97dbebeb234859c9fb70b42221d0e01c mbs1/x86_64/lib64xslt-devel-1.1.26-6.20120127.2.mbs1.x86_64.rpm d89b5da4a9297a89975734dd7642200b mbs1/x86_64/python-libxslt-1.1.26-6.20120127.2.mbs1.x86_64.rpm 9f73eb409a80608836f86a2c3e2d3be9 mbs1/x86_64/xsltproc-1.1.26-6.20120127.2.mbs1.x86_64.rpm 95136df2e944a787dc25d07a364f2729 mbs1/SRPMS/libxslt-1.1.26-6.20120127.2.mbs1.src.rpm