Important CentOS libxslt Update

Metadata

Severity: medium
CVSS score: 6.8
Packages: libxslt-1.1.17-4.el5_8.3.i386.rpm, libxslt-1.1.17-4.el5_8.3.src.rpm, libxslt-1.1.17-4.el5_8.3.x86_64.rpm, libxslt-1.1.26-2.el6_3.1.i686.rpm, libxslt-1.1.26-2.el6_3.1.src.rpm, libxslt-1.1.26-2.el6_3.1.x86_64.rpm, libxslt-devel-1.1.17-4.el5_8.3.i386.rpm, libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm, libxslt-devel-1.1.26-2.el6_3.1.i686.rpm, libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm, libxslt-python-1.1.17-4.el5_8.3.i386.rpm, libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm, libxslt-python-1.1.26-2.el6_3.1.i686.rpm, libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
CVEs: CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
References: rhn.redhat.com, lists.centos.org, lists.centos.org
Published: 2012-09-13
Updated: 2017-07-27 19:04
Related advisory: ALAS-2012-123

Description


Updated libxslt packages that fix several security issues are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

libxslt is a library for transforming XML files into other textual formats
(including HTML, plain text, and other XML representations of the
underlying data) using the standard XSLT stylesheet transformation
mechanism.

A heap-based buffer overflow flaw was found in the way libxslt applied
templates to nodes selected by certain namespaces. An attacker could use
this flaw to create a malicious XSL file that, when used by an application
linked against libxslt to perform an XSL transformation, could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could
use these flaws to create a malicious XSL file that, when used by an
application linked against libxslt to perform an XSL transformation, could
cause the application to crash. (CVE-2012-2825, CVE-2012-2870,
CVE-2011-3970)

An information leak could occur if an application using libxslt processed
an untrusted XPath expression, or used a malicious XSL file to perform an
XSL transformation. If combined with other flaws, this leak could possibly
help an attacker bypass intended memory corruption protections.
(CVE-2011-1202)

All libxslt users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libxslt must be restarted for this update to
take effect.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched and the versions that are unaffected. If a patch is ready but not yet released, it is listed as pending.


Affected package information

Release  Package         Patched in
5        libxslt         libxslt-1.1.17-4.el5_8.3.i386.rpm
5        libxslt         libxslt-1.1.17-4.el5_8.3.src.rpm
5        libxslt         libxslt-1.1.17-4.el5_8.3.x86_64.rpm
5        libxslt-devel   libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
5        libxslt-devel   libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm
5        libxslt-python  libxslt-python-1.1.17-4.el5_8.3.i386.rpm
5        libxslt-python  libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm
6        libxslt         libxslt-1.1.26-2.el6_3.1.i686.rpm
6        libxslt         libxslt-1.1.26-2.el6_3.1.src.rpm
6        libxslt         libxslt-1.1.26-2.el6_3.1.x86_64.rpm
6        libxslt-devel   libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
6        libxslt-devel   libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
6        libxslt-python  libxslt-python-1.1.26-2.el6_3.1.i686.rpm
6        libxslt-python  libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
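As an added example (not part of the advisory or of Appcanary's tooling), the check below takes installed libxslt package names as printed by `rpm -qa 'libxslt*'` and decides whether each is older than the patched build for its CentOS release in the table above, using an rpmvercmp-style version comparison written here for illustration; the sample package lines are constructed, not from a real host.

```python
import re

# Patched version-release per CentOS release, from the advisory table above.
PATCHED = {"5": "1.1.17-4.el5_8.3", "6": "1.1.26-2.el6_3.1"}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm's rpmvercmp() does:
    split into runs of digits or letters, numeric runs compare by value, alpha
    runs compare as strings, a numeric run beats an alpha run, and the string
    with segments left over wins. Returns -1, 0 or 1.
    Tilde/caret pre-release handling is omitted here (simplification)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' into its four parts."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch

def is_vulnerable(pkg):
    """True if an installed libxslt* build is older than the patched build for
    its CentOS release (taken from the 'elN' dist tag in the release field)."""
    name, version, release, _ = parse_nvra(pkg)
    if not name.startswith("libxslt"):
        raise ValueError("not a libxslt package: " + pkg)
    m = re.search(r"\.el(\d+)", release)
    if not m or m.group(1) not in PATCHED:
        raise ValueError("unknown CentOS release in " + pkg)
    fixed_ver, fixed_rel = PATCHED[m.group(1)].split("-", 1)
    cmp = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
    return cmp < 0

if __name__ == "__main__":
    # Constructed sample of `rpm -qa 'libxslt*'` output, not from a real host.
    sample = ["libxslt-1.1.26-2.el6.x86_64",
              "libxslt-python-1.1.26-2.el6_3.1.x86_64",
              "libxslt-1.1.17-4.el5_8.2.i386"]
    for p in sample:
        print(p, "VULNERABLE" if is_vulnerable(p) else "patched")
```

Remember that a patched package on disk is not enough on its own: per the advisory, running applications linked against libxslt must be restarted before the fix takes effect.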