Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: libxslt vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of serivce. (CVE-2008-1767)
Ubuntu Security Notice USN-633-1            August 01, 2008
libxslt vulnerabilities
CVE-2008-1767, CVE-2008-2935

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxslt1.1                      1.1.15-1ubuntu1.2

Ubuntu 7.04:
  libxslt1.1                      1.1.20-0ubuntu2.2

Ubuntu 7.10:
  libxslt1.1                      1.1.21-2ubuntu2.2

Ubuntu 8.04 LTS:
  libxslt1.1                      1.1.22-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that long transformation matches in libxslt could
overflow.  If an attacker were able to make an application linked against
libxslt process malicious XSL style sheet input, they could execute
arbitrary code with user privileges or cause the application to crash,
leading to a denial of serivce. (CVE-2008-1767)

Chris Evans discovered that the RC4 processing code in libxslt did not
correctly handle corrupted key information.  If a remote attacker were
able to make an application linked against libxslt process malicious
XML input, they could crash the application, leading to a denial of
service. (CVE-2008-2935)

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    64266 cf69a61672e61f708158980c7783ec87
      Size/MD5:      901 b434ae6f23ddc2f7e87e42ee72b9697d
      Size/MD5:  2657197 238de9eda71b570ff7b78aaf65308fc6

  Architecture independent packages:
      Size/MD5:     7918 7161007248bac7267ee7f5aa5dab3011

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   541836 103a0da6902354830120a7952cce618f
      Size/MD5:   210278 9adf228fcce713c593268a5276655c2b
      Size/MD5:   118280 c8d9b1fdda773b5d06fd72a72b191a54
      Size/MD5:    96024 96fae1681c7a3729a502955e2f66a95c

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   519334 9f8db410faec033dc3cff889cf36f9d2
      Size/MD5:   195678 497843da4c7d88763eee863ec3914c07
      Size/MD5:   114540 f154fed16a115a4094dbb230ef0da63e
      Size/MD5:    95104 9e3137adb1d806a64ecbf35cdb37165e

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   549370 7cdc93d810d869b7258ef8586d36c6ec
      Size/MD5:   206948 ebc3e8cd756ae02015c3374bc21025a8
      Size/MD5:   116582 ee0a5989a52bb6618251e085949b91f1
      Size/MD5:    97538 7244b184d0a04f74b735244b9b8b557f

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   538122 c2a61153dd8439d5680f90e8821d5a4c
      Size/MD5:   202950 6357aec33fa998ae1ffa665e896b63f3
      Size/MD5:   115700 c804e21a583ad8728011bec63d3d0624
      Size/MD5:    95702 814d52674a3128d4fe3e5b655e512dc4

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:    31176 ad0cfaa93c0c751b82d698273e2fa8de
      Size/MD5:     1025 a94480392f924017018e3438e5923f04
      Size/MD5:  3689759 4ea2dc22a23bf2aa570f868aa86357f8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   363690 4d8e0b3533ab4d53eea4bb5b5253f1f9
      Size/MD5:   608510 838f1a4a1170f2307d28b53d6f9cf46b
      Size/MD5:   229840 5121bb96c07a576309d87fa7151c9b5d
      Size/MD5:   268506 827d70aaaaaf64977589faa2978e46b4
      Size/MD5:   159374 48b849d13858eab3dd4939e4ba3ffe28
      Size/MD5:   108208 4ce2d5f3e30fa38391f2cfb8122ec811

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   348208 a78bbe76123b499723915648c0977f46
      Size/MD5:   590508 6ee5ddf8795368a4c3a9bb99cbdac70d
      Size/MD5:   218758 9f4d59fa825ea0a6bf1c5a2a6750155b
      Size/MD5:   247416 ae7c0c7ceadc522f0b5494c767ebf23d
      Size/MD5:   153158 3a94fd4c9e96b4e9d0917fbd35860b55
      Size/MD5:   107320 4c788703060a0f5d5c76c9fa8a374418

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   363428 f88c2ef73133684e83fd8fef79414d47
      Size/MD5:   617434 7c19b73e0e77ec34592318c2833737c9
      Size/MD5:   234612 3568043063885c8159d0d06b7480d345
      Size/MD5:   271254 09db21b96b201ab40d0111a02ab53eb7
      Size/MD5:   159684 182a5a84ce93c43d680910261a66fed8
      Size/MD5:   110904 6ff6e079f8406b01823440c0d7899cb5

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   336696 c4e756c6e27623817320a501ca7098d1
      Size/MD5:   603682 b49e0aafcc966bc2e2a83d6d67d69876
      Size/MD5:   221856 dcb03fb5e96fd95c4074b7f6635b3ca6
      Size/MD5:   250254 de0dd392ffe9c17e316c2343c6b54b9e
      Size/MD5:   154234 9161b281ea1b2ed55d22502c3d2a6761
      Size/MD5:   108298 0415840880ef71235788ceac153a78c3

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:   191877 788089a700761fb82128b6cc1c4d350f
      Size/MD5:     1026 5b742326922b28bf564197640966e5cb
      Size/MD5:  2780016 59fe34e85692f71df2a38c2ee291b3ca

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   362298 6b92220e91857ee34eab9914ee101a59
      Size/MD5:   612778 e44b1bd1d80bcbcf0933ac18865e78b1
      Size/MD5:   231648 d139e9b0ce7b736be9f39a9b703ac090
      Size/MD5:   267688 e3603768baf61a937467d6094e854ff6
      Size/MD5:   160536 bb86459b4652221971b4beddf571c697
      Size/MD5:   109520 2dfb1b0a34ca36ae7a37eb671ebd6f58

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   349154 925a6c3de50381aa9859e8f4e8639c54
      Size/MD5:   595214 2226664f0469540c4def7973227251f7
      Size/MD5:   220254 2786a031e34e8713f39b6673b4fd6b8d
      Size/MD5:   248028 7a0536b5e5c6d8c103ea4702ef12461d
      Size/MD5:   154744 1f7a80c73a5c8f51f4f8293da387b41a
      Size/MD5:   108660 adc4d45e5f4659deb565edc6b8036c0d

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   353478 cf471cf9aebbf7ebe4b5813817e2319e
      Size/MD5:   597170 e5824caafac76c93bbf7a0e7553ce664
      Size/MD5:   220726 0def64d849054146ff8ad46ca23f7e56
      Size/MD5:   253318 4fb6e71fdbd8ec1028e610cd416da4b5
      Size/MD5:   153676 681f9ae104d06073b3a8f94b20894dad
      Size/MD5:   108710 a280424aee4ced880986bb330f9b9c8c

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   362880 5cf6a137cd3a6df672cdf0918a733f4d
      Size/MD5:   621898 fe708fb294bf10a4fba4280d737edafa
      Size/MD5:   236082 6e9b2f0fce8f7dd2f8e65796b38ea61e
      Size/MD5:   271266 ba18540b950362b23b1d896ed115be57
      Size/MD5:   160772 b4240dbc0e1f26e7630b37f8313bbc18
      Size/MD5:   112182 0286d069b6091120cab9ff40c0a61ab4

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   336228 be25bcc2d4647942a3cdfcc133236b0c
      Size/MD5:   609024 bdd5f270d76a95d1cb250c5134b2d32f
      Size/MD5:   223384 d13ccffe0f7aa359367537d1889a7a45
      Size/MD5:   250396 c658547ab958a5e76e2877f952b0b85a
      Size/MD5:   155564 51d9bf29b67cbf6a16ffb7cf994081b1
      Size/MD5:   109618 260b74e4502517b319952e07a7d85d09

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
      Size/MD5:   150251 51649bee162255c1cda225fceb74f7e2
      Size/MD5:     1026 7e45b5d02e8be4204a38f8c9888489fc
      Size/MD5:  2783003 d6a9a020a76a3db17848d769d6c9c8a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   359522 698e72117365fc5b259901ac45ee7248
      Size/MD5:   613764 99aaa0b0e2b881771335008db19393d3
      Size/MD5:   230260 75deee14dd7c733c0ed1305e266e8b41
      Size/MD5:   269988 5c56866bba98156c2496c6ab941a0862
      Size/MD5:   161132 ba7a93754445906dd095917140122f94
      Size/MD5:   110106 6d72c0beec8f5ad605f1e1f908f3d657

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   344904 cf58efe7caa274026b267df6e4db4614
      Size/MD5:   596700 f61063f709ae6a183e45ef83a210d534
      Size/MD5:   219764 74a7de7d0e7167d57ea722165c9cafc6
      Size/MD5:   254216 7d0bf14d7fafac0803a3bd7bff7da95e
      Size/MD5:   155034 c77e26dedadebd59100f177594f53781
      Size/MD5:   109286 09cfbd1588efc34815796206ed71e646

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   351186 c02d1b4df1dc37425f3c1ff04d7af912
      Size/MD5:   598572 78dffcebdb6df1e585882cd9ff18ab47
      Size/MD5:   219616 bcb4873e55651abd183a1caf621ac784
      Size/MD5:   253246 b0948dec06fdec29cdac3e79abb760d8
      Size/MD5:   153898 17655039f2965f06709f63263db54bdd
      Size/MD5:   109320 117af5dfe0c562e30fe61b8cd5267533

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   358558 71a69fd2d974158fc85c07879a4e4e63
      Size/MD5:   624338 ef61b076b890411f689aaabc1cb5b24f
      Size/MD5:   235338 a4793bbaf523df172e4e7338bd741361
      Size/MD5:   268036 c6ebb4a2ca1262040b635580d6045ded
      Size/MD5:   160524 def0bc29804f7adccab74433ce3512dc
      Size/MD5:   112754 7ed9b642be56b9c7dd93def00a3ff681

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   332666 79c598e359898b6883f0e1ec9e204935
      Size/MD5:   610368 242f7909eeab411d95bc1dda5f10488d
      Size/MD5:   222038 089b07bd91adb2237ccd756a64145dbc
      Size/MD5:   255742 7dd2874192921154eaeafa98d4fdf0e0
      Size/MD5:   155216 aaf79ab34eee2474c4782d376cd7e89d
      Size/MD5:   110174 e5b3782796aae108117c51690d5dc94d

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.