libxslt-1.1.32-5.el8
エラータID: AXSA:2021-1107:01
libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.
Security Fix(es):
* libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068)
* libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-11068
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Update packages.
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
N/A
SRPMS
- libxslt-1.1.32-5.el8.src.rpm
MD5: 1342c5aaa48fc731673c515095bed199
SHA-256: 29f43ffd1b4604d222e69839f1ddfbd89268dac2c4c21ace2fa26b7ebe9936b7
Size: 3.28 MB
Asianux Server 8 for x86_64
- libxslt-1.1.32-5.el8.x86_64.rpm
MD5: 211ef3df1deb5d2ebf1534c61d112914
SHA-256: a5ef2af499ca1dba65163577c5eb0b7e6469aad90c490c651b1b26775326a123
Size: 248.34 kB - libxslt-devel-1.1.32-5.el8.x86_64.rpm
MD5: 2588c26ed789e108c1761673b500825a
SHA-256: 02b2eef478ab8fda42eba014ddbab018b582da891008d003db6ea2f4e3958586
Size: 321.50 kB - libxslt-1.1.32-5.el8.i686.rpm
MD5: cf4361b0956c6e2d30c8fe3aa154c4ad
SHA-256: 50026a7d65c49daf7bff6e9ce1540832adc1ca5648af4904ba963bc69e396654
Size: 261.43 kB - libxslt-devel-1.1.32-5.el8.i686.rpm
MD5: 0f163f605eafa4c78e0ba6306478a8ae
SHA-256: 7d663173cece559a8293dc6cecb25f734782c9b0b1b949dd6d335826e32eeb97
Size: 321.52 kB