To: [email protected]Subject: [ MDVSA-2008:151 ] - Updated libxslt packages fix buffer overflow vulnerability
Date: Mon, 21 Jul 2008 19:49:00 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1KL6zs-0000Du-O7@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:151
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxslt
Date : July 21, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A buffer overflow vulnerability in libxslt could be exploited via an
XSL style sheet file with a long XLST transformation match condition,
which could possibly lead to the execution of arbitrary code
(CVE-2008-1767).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
269e6513a992d9e016db3908e06590f5 2007.1/i586/libxslt1-1.1.20-2.1mdv2007.1.i586.rpm
035cc26a3cfdfe3961ce07289e0f1625 2007.1/i586/libxslt1-devel-1.1.20-2.1mdv2007.1.i586.rpm
acb69204b57de4cb539c7c1829f4b6e9 2007.1/i586/libxslt-proc-1.1.20-2.1mdv2007.1.i586.rpm
d19e9c0ef2bfb8ae3e5ec910e26735d6 2007.1/i586/python-libxslt-1.1.20-2.1mdv2007.1.i586.rpm
4901c1bedaaa6367afe269874d3daa64 2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
8fcff8e0c639455c50315af9d420b020 2007.1/x86_64/lib64xslt1-1.1.20-2.1mdv2007.1.x86_64.rpm
5ddbaa4453c968da07fb497f75ede8d2 2007.1/x86_64/lib64xslt1-devel-1.1.20-2.1mdv2007.1.x86_64.rpm
3acf4044b3d8eccf21e94dd1cdb03f7c 2007.1/x86_64/libxslt-proc-1.1.20-2.1mdv2007.1.x86_64.rpm
46d41b25c0feb01ca0b16ef251b51236 2007.1/x86_64/python-libxslt-1.1.20-2.1mdv2007.1.x86_64.rpm
4901c1bedaaa6367afe269874d3daa64 2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
b54f606226545944f6691bc5b4951af4 2008.0/i586/libxslt1-1.1.22-2.1mdv2008.0.i586.rpm
ff696b5846ae5936b5602094922a3276 2008.0/i586/libxslt-devel-1.1.22-2.1mdv2008.0.i586.rpm
92328e34c084986c674e16184492365a 2008.0/i586/libxslt-proc-1.1.22-2.1mdv2008.0.i586.rpm
b2fe8b69925a6d6c8671f9d2146de82d 2008.0/i586/python-libxslt-1.1.22-2.1mdv2008.0.i586.rpm
c26a63ef401930cc523fe98b34ba3c9a 2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
d93a7df55dbf546d3bb03f84ccfd3e46 2008.0/x86_64/lib64xslt1-1.1.22-2.1mdv2008.0.x86_64.rpm
79098087f94766034cf27925ef0923b7 2008.0/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.0.x86_64.rpm
22e0c6c896efe7cff21f8242cd362e79 2008.0/x86_64/libxslt-proc-1.1.22-2.1mdv2008.0.x86_64.rpm
9ecb4e151c77575bff8b627b26fbf949 2008.0/x86_64/python-libxslt-1.1.22-2.1mdv2008.0.x86_64.rpm
c26a63ef401930cc523fe98b34ba3c9a 2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
564225f1f8fc90de67dcf190bf367a54 2008.1/i586/libxslt1-1.1.22-2.1mdv2008.1.i586.rpm
4a245a02cca0f57b94d3b838d55cd646 2008.1/i586/libxslt-devel-1.1.22-2.1mdv2008.1.i586.rpm
408a00d6b663ff7cec94210551ffab5b 2008.1/i586/libxslt-proc-1.1.22-2.1mdv2008.1.i586.rpm
ff3e1498caf4afdc098c7ed6aa93eaaa 2008.1/i586/python-libxslt-1.1.22-2.1mdv2008.1.i586.rpm
f942f9a3ed7756b0909197478b1cbab0 2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
494326373eca400d832d2bd4a87cbf32 2008.1/x86_64/lib64xslt1-1.1.22-2.1mdv2008.1.x86_64.rpm
dcdfaa95b392d09b809341a50e381a1d 2008.1/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.1.x86_64.rpm
da14b3e445e1711cc20d9151b94dbf4a 2008.1/x86_64/libxslt-proc-1.1.22-2.1mdv2008.1.x86_64.rpm
5f553b350a9a96a784b754b8da3b1331 2008.1/x86_64/python-libxslt-1.1.22-2.1mdv2008.1.x86_64.rpm
f942f9a3ed7756b0909197478b1cbab0 2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm
Corporate 3.0:
3bad56368c2013918528b5c91d36a540 corporate/3.0/i586/libxslt1-1.1.2-1.1.C30mdk.i586.rpm
e8f0d690402867f35fe383f57f1309fb corporate/3.0/i586/libxslt1-devel-1.1.2-1.1.C30mdk.i586.rpm
e31d2747065fbe3290bcdea0429f4b38 corporate/3.0/i586/libxslt-proc-1.1.2-1.1.C30mdk.i586.rpm
292bd60026d2fab7c121e8dd4ebe7489 corporate/3.0/i586/libxslt-python-1.1.2-1.1.C30mdk.i586.rpm
6f482d0addecb3334b2d48e5219c7e89 corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
334e2ddcc66df63e59a5cf3bed7aa12e corporate/3.0/x86_64/lib64xslt1-1.1.2-1.1.C30mdk.x86_64.rpm
25185db8f68ee30df4382b83ba3e91da corporate/3.0/x86_64/lib64xslt1-devel-1.1.2-1.1.C30mdk.x86_64.rpm
99f9597a0e431d68db06d34175658512 corporate/3.0/x86_64/libxslt-proc-1.1.2-1.1.C30mdk.x86_64.rpm
af53b90f2c6c10a9abe11ee3d655ffb9 corporate/3.0/x86_64/libxslt-python-1.1.2-1.1.C30mdk.x86_64.rpm
6f482d0addecb3334b2d48e5219c7e89 corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm
Corporate 4.0:
401a4225975ceee992bfcf8f7fe1c717 corporate/4.0/i586/libxslt1-1.1.15-1.1.20060mlcs4.i586.rpm
946ef45293b40f93f6651d6520a73f9a corporate/4.0/i586/libxslt1-devel-1.1.15-1.1.20060mlcs4.i586.rpm
4cf60d91fc60bbb1abf0da486e160ec2 corporate/4.0/i586/libxslt-proc-1.1.15-1.1.20060mlcs4.i586.rpm
9e39ec030460550aa65e620ea8527727 corporate/4.0/i586/libxslt-python-1.1.15-1.1.20060mlcs4.i586.rpm
c33d0da326ad390a3614bae3219954e0 corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
8c3fc8b33f79304d8d855772bead0896 corporate/4.0/x86_64/lib64xslt1-1.1.15-1.1.20060mlcs4.x86_64.rpm
b4f06dd5b4537ae670920dcd84ad1e4b corporate/4.0/x86_64/lib64xslt1-devel-1.1.15-1.1.20060mlcs4.x86_64.rpm
9241685719d35f788bc34bef26f6a471 corporate/4.0/x86_64/libxslt-proc-1.1.15-1.1.20060mlcs4.x86_64.rpm
bf3ca6342f8327926df5f940ec399c4b corporate/4.0/x86_64/libxslt-python-1.1.15-1.1.20060mlcs4.x86_64.rpm
c33d0da326ad390a3614bae3219954e0 corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIhQ36mqjQ0CJFipgRAi9eAJ9RVcKUd+Q+xukmpZAjhlGt8eJzawCbBfKO
yRmmTSD6f3PkvymAlolIBB4=
=UXWQ
-----END PGP SIGNATURE-----