Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Mar 2013 17:04:05 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities

>From the secunia advisory: https://secunia.com/advisories/52805/

1) An error within the "xsltDocumentFunction()" function (libxslt/functions.c) 
when parsing XSL templates can be exploited to cause a crash.

Commit code:
http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833


2) A NULL-pointer dereference error within the "xsltAddKey()" function 
(libxslt/keys.c) when parsing XSL keys can be exploited to cause a crash.

Commit code:
http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d



Both issue are fixed in the version 1.1.28
-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ