Description
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
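The flaw described above comes down to how a caller treats a three-valued check result (allowed, denied, error). The following C example is added here and is not code from libxslt or from this advisory: `check_read`, its parsing rule and its path policy are hypothetical stand-ins that only mimic that contract, and the sample paths are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state access check with the contract
 * the advisory describes: 1 = allowed, 0 = denied, -1 = error.
 * The parsing and policy rules are constructed, not libxslt's. */
static int check_read(const char *url)
{
    if (url == NULL || strchr(url, ' ') != NULL)
        return -1;                       /* stand-in parser gives up */
    if (strncmp(url, "/srv/private/", 13) == 0)
        return 0;                        /* policy forbids this path */
    return 1;
}

/* Flawed caller pattern: only an explicit 0 blocks the load, so an
 * error result falls through and the resource is loaded anyway. */
int load_flawed(const char *url)
{
    int res = check_read(url);
    if (res == 0)
        return 0;    /* blocked */
    return 1;        /* load proceeds, including when res == -1 */
}

/* Hardened caller: fail closed, only an explicit 1 permits the load. */
int load_hardened(const char *url)
{
    int res = check_read(url);
    if (res <= 0)
        return 0;    /* blocked on denial and on error */
    return 1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {
        "/srv/public/a.xml", "/srv/private/a.xml", "/srv/private/a b.xml"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s check=%2d flawed=%d hardened=%d\n", samples[i],
               check_read(samples[i]), load_flawed(samples[i]),
               load_hardened(samples[i]));
    return 0;
}
```

When auditing code that calls a check with this contract, look for comparisons against `0` alone; the fail-closed form treats every result other than an explicit allow as a denial.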
Statement
Red Hat OpenStack will consume fixes from the base Red Hat Enterprise Linux Operating System. Therefore the package provided by Red Hat OpenStack has been marked as will not fix.
Mitigation
This flaw only applies to applications compiled against libxml2 which use xsltCheckRead and xsltCheckWrite functions and/or allow users to load arbitrary URLs to be parsed via libxml2. In all other cases, applications are not vulnerable.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | libxslt | Will not fix | ||
Red Hat Enterprise Linux 6 | libxslt | Will not fix | ||
Red Hat OpenStack Platform 10 (Newton) | libxslt | Will not fix | ||
Red Hat OpenStack Platform 13 (Queens) | libxslt | Will not fix | ||
Red Hat OpenStack Platform 14 (Rocky) | libxslt | Will not fix | ||
Red Hat OpenStack Platform 9 (Mitaka) | libxslt | Will not fix | ||
Red Hat Storage 3 | libxslt | Affected | ||
Red Hat Enterprise Linux 7 | libxslt | Fixed | RHSA-2020:4005 | 29.09.2020 |
Red Hat Enterprise Linux 8 | libxslt | Fixed | RHSA-2020:4464 | 04.11.2020 |
Additional information
Status:
6.3 Medium
CVSS3