Date: Tue, 27 Oct 2015 13:48:38 +0100
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: libxslt xsltStylePreCompute() type confusion DoS

Hi,

A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.

Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1257962

Proposed patch (afaik, not yet committed upstream, but I believe that
it'll happen soon):
https://bugzilla.redhat.com/attachment.cgi?id=1086465

Thanks and kind regards,
-- 
Stefan Cornelius / Red Hat Product Security
