libxslt-1.1.17-2.1.2AXS3
エラータID: AXSA:2008-83:01
リリース日:
2008/09/10 Wednesday - 12:41
題名:
libxslt-1.1.17-2.1.2AXS3
影響のあるチャネル:
Asianux Server 3 for ia64
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
libxslt の libexslt には、cypto.c の RC4 暗号/復号関数 (exsltCryptoRc4EncryptFunction/exsltCryptoRc4DecryptFunction) において、XML ファイルの XSL 入力引数の取り扱いに不備があり、ヒープベースのバッファオーバーフローの脆弱性が存在します。(CVE-2008-2935)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください
CVE:
CVE-2008-2935
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
追加情報:
N/A
ダウンロード:
Asianux Server 3 for x86
- libxslt-1.1.17-2.1.2AXS3.i386.rpm
MD5: 86a388e894fc18cd23640da5120fe274
SHA-256: 6cd7d4d47b8e3e617aff63b52732dfc8e360f7db2d5eb2e7102c6b6d0554aac7
Size: 487.01 kB - libxslt-devel-1.1.17-2.1.2AXS3.i386.rpm
MD5: 722cbdcd9046440b2785d840028fcc1b
SHA-256: 3d650dafe086aa33167e8b139f2981194e15e8d49e41b2eac94e57b85c5d9f18
Size: 297.04 kB - libxslt-python-1.1.17-2.1.2AXS3.i386.rpm
MD5: 059764b625f60221ba2338253e3dde39
SHA-256: 7517e9a759cb80196c829400d8d6d8a1c90823a64cfc415d1df9ad456c6ead00
Size: 135.65 kB
Asianux Server 3 for x86_64
- libxslt-1.1.17-2.1.2AXS3.x86_64.rpm
MD5: dbcaf13794360d5b19c027c5b5b86d68
SHA-256: 0ea21defdd608b2c8b0b330fd99aac49f48d46c024393a6724b325783fa90022
Size: 490.50 kB - libxslt-devel-1.1.17-2.1.2AXS3.x86_64.rpm
MD5: c5d63979533686b731f6160b6ec81ee3
SHA-256: be0c59ea9cfa6f471e689e38a9328719e5a4a6f790881fa795592e0ab05af3ff
Size: 308.84 kB - libxslt-python-1.1.17-2.1.2AXS3.x86_64.rpm
MD5: b45a3d35ff1b5916ef34162037499458
SHA-256: dccddcc3c425cdd0fef656e856b117c0b7082ac713cdd730a72ccfd4af3a79b9
Size: 136.09 kB