[Security Announce] [ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability

news · July 22, 2008

This is a multi-part message in MIME format...

------------=_1216691436-11275-7518

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:151

http://www.mandriva.com/security/

_______________________________________________________________________

Package : libxslt

Date : July 21, 2008

Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0

_______________________________________________________________________

Problem Description:

A buffer overflow vulnerability in libxslt could be exploited via an

XSL style sheet file with a long XLST transformation match condition,

which could possibly lead to the execution of arbitrary code

(CVE-2008-1767).

The updated packages have been patched to correct this issue.

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767

_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:

269e6513a992d9e016db3908e06590f5 2007.1/i586/libxslt1-1.1.20-2.1mdv2007.1.i586.rpm

035cc26a3cfdfe3961ce07289e0f1625 2007.1/i586/libxslt1-devel-1.1.20-2.1mdv2007.1.i586.rpm

acb69204b57de4cb539c7c1829f4b6e9 2007.1/i586/libxslt-proc-1.1.20-2.1mdv2007.1.i586.rpm

d19e9c0ef2bfb8ae3e5ec910e26735d6 2007.1/i586/python-libxslt-1.1.20-2.1mdv2007.1.i586.rpm

4901c1bedaaa6367afe269874d3daa64 2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:

8fcff8e0c639455c50315af9d420b020 2007.1/x86_64/lib64xslt1-1.1.20-2.1mdv2007.1.x86_64.rpm

5ddbaa4453c968da07fb497f75ede8d2 2007.1/x86_64/lib64xslt1-devel-1.1.20-2.1mdv2007.1.x86_64.rpm

3acf4044b3d8eccf21e94dd1cdb03f7c 2007.1/x86_64/libxslt-proc-1.1.20-2.1mdv2007.1.x86_64.rpm

46d41b25c0feb01ca0b16ef251b51236 2007.1/x86_64/python-libxslt-1.1.20-2.1mdv2007.1.x86_64.rpm

4901c1bedaaa6367afe269874d3daa64 2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:

b54f606226545944f6691bc5b4951af4 2008.0/i586/libxslt1-1.1.22-2.1mdv2008.0.i586.rpm

ff696b5846ae5936b5602094922a3276 2008.0/i586/libxslt-devel-1.1.22-2.1mdv2008.0.i586.rpm

92328e34c084986c674e16184492365a 2008.0/i586/libxslt-proc-1.1.22-2.1mdv2008.0.i586.rpm

b2fe8b69925a6d6c8671f9d2146de82d 2008.0/i586/python-libxslt-1.1.22-2.1mdv2008.0.i586.rpm

c26a63ef401930cc523fe98b34ba3c9a 2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:

d93a7df55dbf546d3bb03f84ccfd3e46 2008.0/x86_64/lib64xslt1-1.1.22-2.1mdv2008.0.x86_64.rpm

79098087f94766034cf27925ef0923b7 2008.0/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.0.x86_64.rpm

22e0c6c896efe7cff21f8242cd362e79 2008.0/x86_64/libxslt-proc-1.1.22-2.1mdv2008.0.x86_64.rpm

9ecb4e151c77575bff8b627b26fbf949 2008.0/x86_64/python-libxslt-1.1.22-2.1mdv2008.0.x86_64.rpm

c26a63ef401930cc523fe98b34ba3c9a 2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:

564225f1f8fc90de67dcf190bf367a54 2008.1/i586/libxslt1-1.1.22-2.1mdv2008.1.i586.rpm

4a245a02cca0f57b94d3b838d55cd646 2008.1/i586/libxslt-devel-1.1.22-2.1mdv2008.1.i586.rpm

408a00d6b663ff7cec94210551ffab5b 2008.1/i586/libxslt-proc-1.1.22-2.1mdv2008.1.i586.rpm

ff3e1498caf4afdc098c7ed6aa93eaaa 2008.1/i586/python-libxslt-1.1.22-2.1mdv2008.1.i586.rpm

f942f9a3ed7756b0909197478b1cbab0 2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:

494326373eca400d832d2bd4a87cbf32 2008.1/x86_64/lib64xslt1-1.1.22-2.1mdv2008.1.x86_64.rpm

dcdfaa95b392d09b809341a50e381a1d 2008.1/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.1.x86_64.rpm

da14b3e445e1711cc20d9151b94dbf4a 2008.1/x86_64/libxslt-proc-1.1.22-2.1mdv2008.1.x86_64.rpm

5f553b350a9a96a784b754b8da3b1331 2008.1/x86_64/python-libxslt-1.1.22-2.1mdv2008.1.x86_64.rpm

f942f9a3ed7756b0909197478b1cbab0 2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm

Corporate 3.0:

3bad56368c2013918528b5c91d36a540 corporate/3.0/i586/libxslt1-1.1.2-1.1.C30mdk.i586.rpm

e8f0d690402867f35fe383f57f1309fb corporate/3.0/i586/libxslt1-devel-1.1.2-1.1.C30mdk.i586.rpm

e31d2747065fbe3290bcdea0429f4b38 corporate/3.0/i586/libxslt-proc-1.1.2-1.1.C30mdk.i586.rpm

292bd60026d2fab7c121e8dd4ebe7489 corporate/3.0/i586/libxslt-python-1.1.2-1.1.C30mdk.i586.rpm

6f482d0addecb3334b2d48e5219c7e89 corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:

334e2ddcc66df63e59a5cf3bed7aa12e corporate/3.0/x86_64/lib64xslt1-1.1.2-1.1.C30mdk.x86_64.rpm

25185db8f68ee30df4382b83ba3e91da corporate/3.0/x86_64/lib64xslt1-devel-1.1.2-1.1.C30mdk.x86_64.rpm

99f9597a0e431d68db06d34175658512 corporate/3.0/x86_64/libxslt-proc-1.1.2-1.1.C30mdk.x86_64.rpm

af53b90f2c6c10a9abe11ee3d655ffb9 corporate/3.0/x86_64/libxslt-python-1.1.2-1.1.C30mdk.x86_64.rpm

6f482d0addecb3334b2d48e5219c7e89 corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm

Corporate 4.0:

401a4225975ceee992bfcf8f7fe1c717 corporate/4.0/i586/libxslt1-1.1.15-1.1.20060mlcs4.i586.rpm

946ef45293b40f93f6651d6520a73f9a corporate/4.0/i586/libxslt1-devel-1.1.15-1.1.20060mlcs4.i586.rpm

4cf60d91fc60bbb1abf0da486e160ec2 corporate/4.0/i586/libxslt-proc-1.1.15-1.1.20060mlcs4.i586.rpm

9e39ec030460550aa65e620ea8527727 corporate/4.0/i586/libxslt-python-1.1.15-1.1.20060mlcs4.i586.rpm

c33d0da326ad390a3614bae3219954e0 corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:

8c3fc8b33f79304d8d855772bead0896 corporate/4.0/x86_64/lib64xslt1-1.1.15-1.1.20060mlcs4.x86_64.rpm

b4f06dd5b4537ae670920dcd84ad1e4b corporate/4.0/x86_64/lib64xslt1-devel-1.1.15-1.1.20060mlcs4.x86_64.rpm

9241685719d35f788bc34bef26f6a471 corporate/4.0/x86_64/libxslt-proc-1.1.15-1.1.20060mlcs4.x86_64.rpm

bf3ca6342f8327926df5f940ec399c4b corporate/4.0/x86_64/libxslt-python-1.1.15-1.1.20060mlcs4.x86_64.rpm

c33d0da326ad390a3614bae3219954e0 corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIhQ36mqjQ0CJFipgRAi9eAJ9RVcKUd+Q+xukmpZAjhlGt8eJzawCbBfKO

yRmmTSD6f3PkvymAlolIBB4=

=UXWQ

-----END PGP SIGNATURE-----

------------=_1216691436-11275-7518

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

------------=_1216691436-11275-7518--

Sign In

[Security Announce] [ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity