Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1282-1

Опубликовано: 15 мая 2017
Источник: suse-cvrf

Описание

Security update for libxslt

This update for libxslt fixes the following issues:

  • CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905).

  • CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591).

  • CVE-2015-9019: Properly initialize random generator (bsc#934119).

  • CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474)

Список пакетов

SUSE Linux Enterprise Server 11 SP4
libxslt-1.1.24-19.33.1
libxslt-32bit-1.1.24-19.33.1
libxslt-x86-1.1.24-19.33.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libxslt-1.1.24-19.33.1
libxslt-32bit-1.1.24-19.33.1
libxslt-x86-1.1.24-19.33.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libxslt-devel-1.1.24-19.33.1
libxslt-devel-32bit-1.1.24-19.33.1
libxslt-python-1.1.24-19.33.3

Ссылки

Описание

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1
SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1
SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1
Ссылки

Описание

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1
SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1
SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1
Ссылки

Описание

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1
SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1
SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1
Ссылки

Описание

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1
SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1
SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1
Ссылки