ELSA-2012-1265

Опубликовано: 13 сент. 2012

Источник: oracle-oval

Платформа: Oracle Linux 5

Платформа: Oracle Linux 6

Описание

ELSA-2012-1265: libxslt security update (IMPORTANT)

[1.1.26-2.0.2.el6_3.1]

Increment release to avoid ULN conflict with previous release.

[1.1.26-2.0.1.el6_3.1]

Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball

[1.1.26-2.el6_3.1]

fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 CVE-2012-2870
Fix direct pattern matching bug
Fix popping of vars in xsltCompilerNodePop
Fix bug 602515
Fix generate-id() to not expose object addresses (CVE-2011-1202)
Fix some case of pattern parsing errors (CVE-2011-3970)
Fix a bug in selecting XSLT elements (CVE-2012-2825)
Fix portability to upcoming libxml2-2.9.0
Fix default template processing on namespace nodes (CVE-2012-2871)
Cleanup of the pattern compilation code (CVE-2012-2870)
Hardening of code checking node types in various entry point (CVE-2012-2870)
Hardening of code checking node types in EXSLT (CVE-2012-2870)
Fix system-property with unknown namespace
Xsltproc should return an error code if xinclude fails
Fix a dictionary string usage
Avoid a heap use after free error

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

libxslt

1.1.17-4.0.1.el5_8.3

libxslt-devel

1.1.17-4.0.1.el5_8.3

libxslt-python

1.1.17-4.0.1.el5_8.3

Oracle Linux x86_64

libxslt

1.1.17-4.0.1.el5_8.3

libxslt-devel

1.1.17-4.0.1.el5_8.3

libxslt-python

1.1.17-4.0.1.el5_8.3

Oracle Linux i386

libxslt

1.1.17-4.0.1.el5_8.3

libxslt-devel

1.1.17-4.0.1.el5_8.3

libxslt-python

1.1.17-4.0.1.el5_8.3

Oracle Linux 6

Oracle Linux x86_64

libxslt

1.1.26-2.0.2.el6_3.1

libxslt-devel

1.1.26-2.0.2.el6_3.1

libxslt-python

1.1.26-2.0.2.el6_3.1

Oracle Linux i686

libxslt

1.1.26-2.0.2.el6_3.1

libxslt-devel

1.1.26-2.0.2.el6_3.1

libxslt-python

1.1.26-2.0.2.el6_3.1

Oracle Linux sparc64

libxslt

1.1.26-2.0.2.el6_3.1

libxslt-devel

1.1.26-2.0.2.el6_3.1

libxslt-python

1.1.26-2.0.2.el6_3.1

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2012-2825

ubuntu

почти 13 лет назад

The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

CVE-2012-2825

redhat

почти 13 лет назад

The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

CVE-2012-2825

nvd

почти 13 лет назад

The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

CVE-2012-2825

debian

почти 13 лет назад

The XSL implementation in Google Chrome before 20.0.1132.43 allows rem ...

BDU:2015-02885

fstec

почти 13 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации