exploitDog

openSUSE-SU-2017:1390-1

Published: 23 May 2017
Source: suse-cvrf

Description

Security update for libxslt

This update for libxslt fixes the following security issues:

  • CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905).

  • CVE-2016-4738: Fix heap over-read in xsltFormatNumberConversion: an empty decimal separator could cause a heap over-read. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591).

  • CVE-2015-9019: Properly initialize random generator (bsc#934119).

  • CVE-2015-7995: A vulnerability in the function xsltStylePreCompute in preproc.c could cause a type confusion leading to a denial of service (bsc#952474).

This update was imported from the SUSE:SLE-12:Update update project.
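The CVE-2017-5029 entry above is a missing overflow check in a size calculation before a text buffer is grown. The following is an added example, not libxslt's code: a hypothetical text accumulator (`textbuf`, `checked_text_size`, `textbuf_append` are invented names) that refuses to grow when the new length would wrap, which is the class of check the fix adds.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growing text buffer; not libxslt's xsltAddTextString. */
typedef struct {
    char *data;   /* NUL-terminated contents */
    size_t len;   /* bytes used, excluding the NUL */
    size_t cap;   /* bytes allocated */
} textbuf;

/* Space needed for cur_len + add_len bytes plus a NUL terminator.
 * Returns 1 and stores the size, or 0 if any step of the sum would wrap.
 * A size calculation without this kind of check is what CVE-2017-5029
 * describes: the wrapped value under-allocates and the copy writes past it. */
int checked_text_size(size_t cur_len, size_t add_len, size_t *needed)
{
    if (add_len > SIZE_MAX - cur_len) return 0;      /* cur_len + add_len wraps */
    if (cur_len + add_len > SIZE_MAX - 1) return 0;  /* + 1 for the NUL wraps */
    *needed = cur_len + add_len + 1;
    return 1;
}

/* Append add_len bytes of s. Returns 0 on success, -1 if the request is
 * refused (size would overflow) or allocation fails; the buffer is unchanged. */
int textbuf_append(textbuf *tb, const char *s, size_t add_len)
{
    size_t needed;
    if (!checked_text_size(tb->len, add_len, &needed)) return -1;
    if (needed > tb->cap) {
        /* Double the capacity when that is safe and sufficient, else grow exactly. */
        size_t newcap = (tb->cap <= SIZE_MAX / 2 && tb->cap * 2 >= needed)
                            ? tb->cap * 2 : needed;
        char *p = realloc(tb->data, newcap);
        if (p == NULL) return -1;
        tb->data = p;
        tb->cap = newcap;
    }
    memcpy(tb->data + tb->len, s, add_len);
    tb->len += add_len;
    tb->data[tb->len] = '\0';
    return 0;
}

void textbuf_free(textbuf *tb)
{
    free(tb->data);
    tb->data = NULL;
    tb->len = tb->cap = 0;
}
```
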

Package list

openSUSE Leap 42.2
libxslt-1.1.28-10.3.1
libxslt-devel-1.1.28-10.3.1
libxslt-devel-32bit-1.1.28-10.3.1
libxslt-python-1.1.28-10.3.1
libxslt-tools-1.1.28-10.3.1
libxslt1-1.1.28-10.3.1
libxslt1-32bit-1.1.28-10.3.1

Description

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.


Affected products
openSUSE Leap 42.2:libxslt-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-devel-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-devel-32bit-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-python-1.1.28-10.3.1

References

Description

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.


Affected products
openSUSE Leap 42.2:libxslt-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-devel-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-devel-32bit-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-python-1.1.28-10.3.1

References

Description

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.


Affected products
openSUSE Leap 42.2:libxslt-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-devel-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-devel-32bit-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-python-1.1.28-10.3.1

References

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.


Affected products
openSUSE Leap 42.2:libxslt-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-devel-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-devel-32bit-1.1.28-10.3.1
openSUSE Leap 42.2:libxslt-python-1.1.28-10.3.1

References