LinuxSecurity.com
Mandriva: Updated libxslt packages fix buffer overflow vulnerability
Posted by Benjamin D. Thomas   
A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XSLT transformation match condition, which could possibly lead to the execution of arbitrary code (CVE-2008-1767). The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:151
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libxslt
 Date    : July 21, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A buffer overflow vulnerability in libxslt could be exploited via an
 XSL style sheet file with a long XSLT transformation match condition,
 which could possibly lead to the execution of arbitrary code
 (CVE-2008-1767).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 269e6513a992d9e016db3908e06590f5  2007.1/i586/libxslt1-1.1.20-2.1mdv2007.1.i586.rpm
 035cc26a3cfdfe3961ce07289e0f1625  2007.1/i586/libxslt1-devel-1.1.20-2.1mdv2007.1.i586.rpm
 acb69204b57de4cb539c7c1829f4b6e9  2007.1/i586/libxslt-proc-1.1.20-2.1mdv2007.1.i586.rpm
 d19e9c0ef2bfb8ae3e5ec910e26735d6  2007.1/i586/python-libxslt-1.1.20-2.1mdv2007.1.i586.rpm 
 4901c1bedaaa6367afe269874d3daa64  2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 8fcff8e0c639455c50315af9d420b020  2007.1/x86_64/lib64xslt1-1.1.20-2.1mdv2007.1.x86_64.rpm
 5ddbaa4453c968da07fb497f75ede8d2  2007.1/x86_64/lib64xslt1-devel-1.1.20-2.1mdv2007.1.x86_64.rpm
 3acf4044b3d8eccf21e94dd1cdb03f7c  2007.1/x86_64/libxslt-proc-1.1.20-2.1mdv2007.1.x86_64.rpm
 46d41b25c0feb01ca0b16ef251b51236  2007.1/x86_64/python-libxslt-1.1.20-2.1mdv2007.1.x86_64.rpm 
 4901c1bedaaa6367afe269874d3daa64  2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 b54f606226545944f6691bc5b4951af4  2008.0/i586/libxslt1-1.1.22-2.1mdv2008.0.i586.rpm
 ff696b5846ae5936b5602094922a3276  2008.0/i586/libxslt-devel-1.1.22-2.1mdv2008.0.i586.rpm
 92328e34c084986c674e16184492365a  2008.0/i586/libxslt-proc-1.1.22-2.1mdv2008.0.i586.rpm
 b2fe8b69925a6d6c8671f9d2146de82d  2008.0/i586/python-libxslt-1.1.22-2.1mdv2008.0.i586.rpm 
 c26a63ef401930cc523fe98b34ba3c9a  2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d93a7df55dbf546d3bb03f84ccfd3e46  2008.0/x86_64/lib64xslt1-1.1.22-2.1mdv2008.0.x86_64.rpm
 79098087f94766034cf27925ef0923b7  2008.0/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.0.x86_64.rpm
 22e0c6c896efe7cff21f8242cd362e79  2008.0/x86_64/libxslt-proc-1.1.22-2.1mdv2008.0.x86_64.rpm
 9ecb4e151c77575bff8b627b26fbf949  2008.0/x86_64/python-libxslt-1.1.22-2.1mdv2008.0.x86_64.rpm 
 c26a63ef401930cc523fe98b34ba3c9a  2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 564225f1f8fc90de67dcf190bf367a54  2008.1/i586/libxslt1-1.1.22-2.1mdv2008.1.i586.rpm
 4a245a02cca0f57b94d3b838d55cd646  2008.1/i586/libxslt-devel-1.1.22-2.1mdv2008.1.i586.rpm
 408a00d6b663ff7cec94210551ffab5b  2008.1/i586/libxslt-proc-1.1.22-2.1mdv2008.1.i586.rpm
 ff3e1498caf4afdc098c7ed6aa93eaaa  2008.1/i586/python-libxslt-1.1.22-2.1mdv2008.1.i586.rpm 
 f942f9a3ed7756b0909197478b1cbab0  2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 494326373eca400d832d2bd4a87cbf32  2008.1/x86_64/lib64xslt1-1.1.22-2.1mdv2008.1.x86_64.rpm
 dcdfaa95b392d09b809341a50e381a1d  2008.1/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.1.x86_64.rpm
 da14b3e445e1711cc20d9151b94dbf4a  2008.1/x86_64/libxslt-proc-1.1.22-2.1mdv2008.1.x86_64.rpm
 5f553b350a9a96a784b754b8da3b1331  2008.1/x86_64/python-libxslt-1.1.22-2.1mdv2008.1.x86_64.rpm 
 f942f9a3ed7756b0909197478b1cbab0  2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm

 Corporate 3.0:
 3bad56368c2013918528b5c91d36a540  corporate/3.0/i586/libxslt1-1.1.2-1.1.C30mdk.i586.rpm
 e8f0d690402867f35fe383f57f1309fb  corporate/3.0/i586/libxslt1-devel-1.1.2-1.1.C30mdk.i586.rpm
 e31d2747065fbe3290bcdea0429f4b38  corporate/3.0/i586/libxslt-proc-1.1.2-1.1.C30mdk.i586.rpm
 292bd60026d2fab7c121e8dd4ebe7489  corporate/3.0/i586/libxslt-python-1.1.2-1.1.C30mdk.i586.rpm 
 6f482d0addecb3334b2d48e5219c7e89  corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 334e2ddcc66df63e59a5cf3bed7aa12e  corporate/3.0/x86_64/lib64xslt1-1.1.2-1.1.C30mdk.x86_64.rpm
 25185db8f68ee30df4382b83ba3e91da  corporate/3.0/x86_64/lib64xslt1-devel-1.1.2-1.1.C30mdk.x86_64.rpm
 99f9597a0e431d68db06d34175658512  corporate/3.0/x86_64/libxslt-proc-1.1.2-1.1.C30mdk.x86_64.rpm
 af53b90f2c6c10a9abe11ee3d655ffb9  corporate/3.0/x86_64/libxslt-python-1.1.2-1.1.C30mdk.x86_64.rpm 
 6f482d0addecb3334b2d48e5219c7e89  corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm

 Corporate 4.0:
 401a4225975ceee992bfcf8f7fe1c717  corporate/4.0/i586/libxslt1-1.1.15-1.1.20060mlcs4.i586.rpm
 946ef45293b40f93f6651d6520a73f9a  corporate/4.0/i586/libxslt1-devel-1.1.15-1.1.20060mlcs4.i586.rpm
 4cf60d91fc60bbb1abf0da486e160ec2  corporate/4.0/i586/libxslt-proc-1.1.15-1.1.20060mlcs4.i586.rpm
 9e39ec030460550aa65e620ea8527727  corporate/4.0/i586/libxslt-python-1.1.15-1.1.20060mlcs4.i586.rpm 
 c33d0da326ad390a3614bae3219954e0  corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 8c3fc8b33f79304d8d855772bead0896  corporate/4.0/x86_64/lib64xslt1-1.1.15-1.1.20060mlcs4.x86_64.rpm
 b4f06dd5b4537ae670920dcd84ad1e4b  corporate/4.0/x86_64/lib64xslt1-devel-1.1.15-1.1.20060mlcs4.x86_64.rpm
 9241685719d35f788bc34bef26f6a471  corporate/4.0/x86_64/libxslt-proc-1.1.15-1.1.20060mlcs4.x86_64.rpm
 bf3ca6342f8327926df5f940ec399c4b  corporate/4.0/x86_64/libxslt-python-1.1.15-1.1.20060mlcs4.x86_64.rpm 
 c33d0da326ad390a3614bae3219954e0  corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
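
 For packages downloaded by hand, the checksum lines in the "Updated Packages" list can be compared against the files on disk. The following is an added example, not part of the Mandriva advisory: the function names and the SAMPLE data are constructed for illustration. A matching MD5 only rules out a corrupted download; authenticity rests on the GPG signature.

```python
import hashlib
import re
from pathlib import Path

# Section header, e.g. " Mandriva Linux 2008.1/X86_64:" or " Corporate 4.0:".
HEADER = re.compile(r"^\s*((?:Mandriva Linux|Corporate) \S+):\s*$")
# Package line: 32 hex digits (MD5), whitespace, relative path to the RPM.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

# Constructed sample in the advisory's layout (not real packages). The first
# checksum is the MD5 of an empty file; the others are deliberate non-matches.
SAMPLE = """
 Mandriva Linux 0000.0:
 d41d8cd98f00b204e9800998ecf8427e  0000.0/i586/example-a-1.0.i586.rpm
 00000000000000000000000000000000  0000.0/i586/example-b-1.0.i586.rpm
 00000000000000000000000000000000  0000.0/SRPMS/example-1.0.src.rpm
"""


def parse_packages(advisory_text):
    """Return {section: {rpm_basename: md5}} from the 'Updated Packages' list."""
    sections, current = {}, None
    for line in advisory_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current[Path(entry.group(2)).name] = entry.group(1)
    return sections


def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()


def check_downloads(advisory_text, section, directory):
    """Map each package listed for `section` to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for name, expected in parse_packages(advisory_text).get(section, {}).items():
        candidate = Path(directory) / name
        if not candidate.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(candidate) == expected else "MISMATCH"
    return results
```

 Treat any MISMATCH as a reason to discard the file and download it again, then confirm the signature with the Mandriva key before installing.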

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 