Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability
From: security () mandriva com
Date: Mon, 21 Jul 2008 19:49:00 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:151
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libxslt
 Date    : July 21, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A buffer overflow vulnerability in libxslt could be exploited via an
 XSL style sheet file with a long XLST transformation match condition,
 which could possibly lead to the execution of arbitrary code
 (CVE-2008-1767).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 269e6513a992d9e016db3908e06590f5  2007.1/i586/libxslt1-1.1.20-2.1mdv2007.1.i586.rpm
 035cc26a3cfdfe3961ce07289e0f1625  2007.1/i586/libxslt1-devel-1.1.20-2.1mdv2007.1.i586.rpm
 acb69204b57de4cb539c7c1829f4b6e9  2007.1/i586/libxslt-proc-1.1.20-2.1mdv2007.1.i586.rpm
 d19e9c0ef2bfb8ae3e5ec910e26735d6  2007.1/i586/python-libxslt-1.1.20-2.1mdv2007.1.i586.rpm 
 4901c1bedaaa6367afe269874d3daa64  2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 8fcff8e0c639455c50315af9d420b020  2007.1/x86_64/lib64xslt1-1.1.20-2.1mdv2007.1.x86_64.rpm
 5ddbaa4453c968da07fb497f75ede8d2  2007.1/x86_64/lib64xslt1-devel-1.1.20-2.1mdv2007.1.x86_64.rpm
 3acf4044b3d8eccf21e94dd1cdb03f7c  2007.1/x86_64/libxslt-proc-1.1.20-2.1mdv2007.1.x86_64.rpm
 46d41b25c0feb01ca0b16ef251b51236  2007.1/x86_64/python-libxslt-1.1.20-2.1mdv2007.1.x86_64.rpm 
 4901c1bedaaa6367afe269874d3daa64  2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 b54f606226545944f6691bc5b4951af4  2008.0/i586/libxslt1-1.1.22-2.1mdv2008.0.i586.rpm
 ff696b5846ae5936b5602094922a3276  2008.0/i586/libxslt-devel-1.1.22-2.1mdv2008.0.i586.rpm
 92328e34c084986c674e16184492365a  2008.0/i586/libxslt-proc-1.1.22-2.1mdv2008.0.i586.rpm
 b2fe8b69925a6d6c8671f9d2146de82d  2008.0/i586/python-libxslt-1.1.22-2.1mdv2008.0.i586.rpm 
 c26a63ef401930cc523fe98b34ba3c9a  2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d93a7df55dbf546d3bb03f84ccfd3e46  2008.0/x86_64/lib64xslt1-1.1.22-2.1mdv2008.0.x86_64.rpm
 79098087f94766034cf27925ef0923b7  2008.0/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.0.x86_64.rpm
 22e0c6c896efe7cff21f8242cd362e79  2008.0/x86_64/libxslt-proc-1.1.22-2.1mdv2008.0.x86_64.rpm
 9ecb4e151c77575bff8b627b26fbf949  2008.0/x86_64/python-libxslt-1.1.22-2.1mdv2008.0.x86_64.rpm 
 c26a63ef401930cc523fe98b34ba3c9a  2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 564225f1f8fc90de67dcf190bf367a54  2008.1/i586/libxslt1-1.1.22-2.1mdv2008.1.i586.rpm
 4a245a02cca0f57b94d3b838d55cd646  2008.1/i586/libxslt-devel-1.1.22-2.1mdv2008.1.i586.rpm
 408a00d6b663ff7cec94210551ffab5b  2008.1/i586/libxslt-proc-1.1.22-2.1mdv2008.1.i586.rpm
 ff3e1498caf4afdc098c7ed6aa93eaaa  2008.1/i586/python-libxslt-1.1.22-2.1mdv2008.1.i586.rpm 
 f942f9a3ed7756b0909197478b1cbab0  2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 494326373eca400d832d2bd4a87cbf32  2008.1/x86_64/lib64xslt1-1.1.22-2.1mdv2008.1.x86_64.rpm
 dcdfaa95b392d09b809341a50e381a1d  2008.1/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.1.x86_64.rpm
 da14b3e445e1711cc20d9151b94dbf4a  2008.1/x86_64/libxslt-proc-1.1.22-2.1mdv2008.1.x86_64.rpm
 5f553b350a9a96a784b754b8da3b1331  2008.1/x86_64/python-libxslt-1.1.22-2.1mdv2008.1.x86_64.rpm 
 f942f9a3ed7756b0909197478b1cbab0  2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm

 Corporate 3.0:
 3bad56368c2013918528b5c91d36a540  corporate/3.0/i586/libxslt1-1.1.2-1.1.C30mdk.i586.rpm
 e8f0d690402867f35fe383f57f1309fb  corporate/3.0/i586/libxslt1-devel-1.1.2-1.1.C30mdk.i586.rpm
 e31d2747065fbe3290bcdea0429f4b38  corporate/3.0/i586/libxslt-proc-1.1.2-1.1.C30mdk.i586.rpm
 292bd60026d2fab7c121e8dd4ebe7489  corporate/3.0/i586/libxslt-python-1.1.2-1.1.C30mdk.i586.rpm 
 6f482d0addecb3334b2d48e5219c7e89  corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 334e2ddcc66df63e59a5cf3bed7aa12e  corporate/3.0/x86_64/lib64xslt1-1.1.2-1.1.C30mdk.x86_64.rpm
 25185db8f68ee30df4382b83ba3e91da  corporate/3.0/x86_64/lib64xslt1-devel-1.1.2-1.1.C30mdk.x86_64.rpm
 99f9597a0e431d68db06d34175658512  corporate/3.0/x86_64/libxslt-proc-1.1.2-1.1.C30mdk.x86_64.rpm
 af53b90f2c6c10a9abe11ee3d655ffb9  corporate/3.0/x86_64/libxslt-python-1.1.2-1.1.C30mdk.x86_64.rpm 
 6f482d0addecb3334b2d48e5219c7e89  corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm

 Corporate 4.0:
 401a4225975ceee992bfcf8f7fe1c717  corporate/4.0/i586/libxslt1-1.1.15-1.1.20060mlcs4.i586.rpm
 946ef45293b40f93f6651d6520a73f9a  corporate/4.0/i586/libxslt1-devel-1.1.15-1.1.20060mlcs4.i586.rpm
 4cf60d91fc60bbb1abf0da486e160ec2  corporate/4.0/i586/libxslt-proc-1.1.15-1.1.20060mlcs4.i586.rpm
 9e39ec030460550aa65e620ea8527727  corporate/4.0/i586/libxslt-python-1.1.15-1.1.20060mlcs4.i586.rpm 
 c33d0da326ad390a3614bae3219954e0  corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 8c3fc8b33f79304d8d855772bead0896  corporate/4.0/x86_64/lib64xslt1-1.1.15-1.1.20060mlcs4.x86_64.rpm
 b4f06dd5b4537ae670920dcd84ad1e4b  corporate/4.0/x86_64/lib64xslt1-devel-1.1.15-1.1.20060mlcs4.x86_64.rpm
 9241685719d35f788bc34bef26f6a471  corporate/4.0/x86_64/libxslt-proc-1.1.15-1.1.20060mlcs4.x86_64.rpm
 bf3ca6342f8327926df5f940ec399c4b  corporate/4.0/x86_64/libxslt-python-1.1.15-1.1.20060mlcs4.x86_64.rpm 
 c33d0da326ad390a3614bae3219954e0  corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIhQ36mqjQ0CJFipgRAi9eAJ9RVcKUd+Q+xukmpZAjhlGt8eJzawCbBfKO
yRmmTSD6f3PkvymAlolIBB4=
=UXWQ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability security (Jul 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]