SUSE-SU-2020:1409-1

Published: 25 May 2020
Source: suse-cvrf

Description

Security update for libxslt

This update for libxslt fixes the following issues:

Security issues fixed:

  • CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).
  • CVE-2019-13117: Fixed an uninitialized read which made it possible to discern whether a byte on the stack contains certain special characters (bsc#1140095).
  • CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).

Package list

Container ses/7.1/cephcsi/cephcsi:latest
libxslt1-1.1.32-3.8.24
Container ses/7.1/rook/ceph:latest
libxslt1-1.1.32-3.8.24
Container ses/7/ceph/ceph:latest
libxslt1-1.1.32-3.8.24
Container ses/7/cephcsi/cephcsi:latest
libxslt1-1.1.32-3.8.24
Container ses/7/rook/ceph:latest
libxslt1-1.1.32-3.8.24
Container suse/rmt-nginx:latest
libxslt1-1.1.32-3.8.24
Container suse/rmt-server:latest
libxslt1-1.1.32-3.8.24
Container suse/sle-micro-rancher/5.2:latest
libxslt1-1.1.32-3.8.24
Container suse/sles/15.3/libguestfs-tools:0.45.0
libxslt1-1.1.32-3.8.24
Image SLES15-Azure-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-EC2-HVM-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-GCE-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-Azure-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-Azure-LI-BYOS-Production
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-Azure-VLI-BYOS-Production
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-EC2-HVM-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-GCE-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SAP-OCI-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-Azure-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-Azure-HPC-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-CAP-Deployment-BYOS-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-EC2-HPC-HVM-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-GCE-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-Azure-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-GCE-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAP-OCI-BYOS
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAPCAL-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAPCAL-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP1-SAPCAL-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-Azure-Basic
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-Azure-Standard
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-BYOS-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-BYOS-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-BYOS-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-CAP-Deployment-BYOS-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-EC2-ECS-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-HPC-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-HPC-BYOS-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-HPC-BYOS-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-SAP-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-SAP-BYOS-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-SAP-BYOS-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-SAP-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP2-SAP-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-BYOS-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-BYOS-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-BYOS-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-CHOST-BYOS-Aliyun
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-CHOST-BYOS-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-CHOST-BYOS-EC2
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-CHOST-BYOS-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-EC2-ECS-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-HPC-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-HPC-BYOS-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-HPC-BYOS-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-HPC-BYOS-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAP-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAP-BYOS-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAP-BYOS-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAP-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAP-GCE
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAPCAL-Azure
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAPCAL-EC2-HVM
libxslt1-1.1.32-3.8.24
Image SLES15-SP3-SAPCAL-GCE
libxslt1-1.1.32-3.8.24
SUSE Linux Enterprise Module for Basesystem 15 SP1
libxslt-devel-1.1.32-3.8.24
libxslt-tools-1.1.32-3.8.24
libxslt1-1.1.32-3.8.24

Description

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.


Affected products
Container ses/7.1/cephcsi/cephcsi:latest:libxslt1-1.1.32-3.8.24
Container ses/7.1/rook/ceph:latest:libxslt1-1.1.32-3.8.24
Container ses/7/ceph/ceph:latest:libxslt1-1.1.32-3.8.24
Container ses/7/cephcsi/cephcsi:latest:libxslt1-1.1.32-3.8.24

Description

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.


Affected products
Container ses/7.1/cephcsi/cephcsi:latest:libxslt1-1.1.32-3.8.24
Container ses/7.1/rook/ceph:latest:libxslt1-1.1.32-3.8.24
Container ses/7/ceph/ceph:latest:libxslt1-1.1.32-3.8.24
Container ses/7/cephcsi/cephcsi:latest:libxslt1-1.1.32-3.8.24

Description

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.


Affected products
Container ses/7.1/cephcsi/cephcsi:latest:libxslt1-1.1.32-3.8.24
Container ses/7.1/rook/ceph:latest:libxslt1-1.1.32-3.8.24
Container ses/7/ceph/ceph:latest:libxslt1-1.1.32-3.8.24
Container ses/7/cephcsi/cephcsi:latest:libxslt1-1.1.32-3.8.24

References
Vulnerability SUSE-SU-2020:1409-1