First published: Thu Sep 13 2012
libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970)

An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)

All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libxslt | <1.1.26-2.el6_3.1 | 1.1.26-2.el6_3.1 |
redhat/libxslt-debuginfo | <1.1.26-2.el6_3.1 | 1.1.26-2.el6_3.1 |
redhat/libxslt-devel | <1.1.26-2.el6_3.1 | 1.1.26-2.el6_3.1 |
redhat/libxslt-python | <1.1.26-2.el6_3.1 | 1.1.26-2.el6_3.1 |
redhat/libxslt | <1.1.17-4.el5_8.3 | 1.1.17-4.el5_8.3 |
redhat/libxslt-debuginfo | <1.1.17-4.el5_8.3 | 1.1.17-4.el5_8.3 |
redhat/libxslt-devel | <1.1.17-4.el5_8.3 | 1.1.17-4.el5_8.3 |
redhat/libxslt-python | <1.1.17-4.el5_8.3 | 1.1.17-4.el5_8.3 |
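
The restart requirement in the advisory text can be verified after the package update by looking for processes whose memory maps still reference the old, unlinked libxslt file. The script below is an added example, not part of the original advisory; the function names and the sample `/proc` tree (PIDs, addresses, command names) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still mapping a replaced libxslt after the update.

# Succeeds if FILE (in /proc/<pid>/maps format) has a libxslt mapping whose
# backing file was unlinked, i.e. the package replaced it while the process ran.
has_stale_libxslt() {
    grep -Eq '/libxslt\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "PID COMMAND" for every process under PROC_ROOT (default /proc) that
# still uses the old library and therefore needs a restart.
stale_libxslt_procs() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        has_stale_libxslt "$dir/maps" || continue
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        printf '%s %s\n' "${dir##*/}" "$comm"
    done
}

# Constructed sample: a fake /proc tree with three processes.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/101" "$root/102" "$root/103"
    # 101: started before the update, still maps the old (unlinked) library.
    echo 'httpd' > "$root/101/comm"
    echo '7f3a1c000000-7f3a1c03b000 r-xp 00000000 fd:00 131 /usr/lib64/libxslt.so.1.1.26 (deleted)' > "$root/101/maps"
    # 102: restarted after the update, maps the library now on disk.
    echo 'php-fpm' > "$root/102/comm"
    echo '7f9b2e000000-7f9b2e03b000 r-xp 00000000 fd:00 977 /usr/lib64/libxslt.so.1.1.26' > "$root/102/maps"
    # 103: does not use libxslt at all.
    echo 'sshd' > "$root/103/comm"
    echo '7f11aa000000-7f11aa1b0000 r-xp 00000000 fd:00 412 /usr/lib64/libc-2.12.so' > "$root/103/maps"
    echo "$root"
}

sample=$(make_sample_proc)
stale_libxslt_procs "$sample"     # prints: 101 httpd
rm -rf "$sample"
```

On a live host, call `stale_libxslt_procs` with no argument as root (other users' `maps` files are not readable otherwise) and restart each process it lists.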