Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1313-1

Опубликовано: 16 мая 2017
Источник: suse-cvrf

Описание

Security update for libxslt

This update for libxslt fixes the following issues:

  • CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905).

  • CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591).

  • CVE-2015-9019: Properly initialize random generator (bsc#934119).

  • CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
libxslt-tools-1.1.28-16.1
libxslt1-1.1.28-16.1
libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP2
libxslt-tools-1.1.28-16.1
libxslt1-1.1.28-16.1
libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Server 12 SP1
libxslt-tools-1.1.28-16.1
libxslt1-1.1.28-16.1
libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Server 12 SP2
libxslt-tools-1.1.28-16.1
libxslt1-1.1.28-16.1
libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libxslt-tools-1.1.28-16.1
libxslt1-1.1.28-16.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libxslt-tools-1.1.28-16.1
libxslt1-1.1.28-16.1
libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libxslt-tools-1.1.28-16.1
libxslt1-1.1.28-16.1
libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libxslt-devel-1.1.28-16.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libxslt-devel-1.1.28-16.1

Ссылки

Описание

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1
Ссылки

Описание

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1
Ссылки

Описание

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1
Ссылки

Описание

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1
SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1
Ссылки