Get the LinuxSecurity news you want faster with RSS
Powered By
Debian: 2219-1: xmlsec1: arbitrary file overwrite
Posted by Benjamin D. Thomas
Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification. [More...]
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2219-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 18, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xmlsec1
Vulnerability : arbitrary file overwrite
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2011-1425
Debian Bug : 620560
Nicolas Gregoire discovered that the XML Security Library xmlsec allowed
remote attackers to create or overwrite arbitrary files through
specially crafted XML files using the libxslt output extension and a
ds:Transform element during signature verification.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.9-5+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 1.2.14-1+squeeze1.
For the testing distribution (wheezy) and unstable distribution (sid),
this problem has been fixed in version 1.2.14-1.1.
We recommend that you upgrade your xmlsec1 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
