CentOS ProjectCESA-2008:0287libxslt security update
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.7%
CentOS Errata and Security Advisory CESA-2008:0287
libxslt is a C library, based on libxml, for parsing of XML files into
other textual formats (eg HTML, plain text and other XML representations of
the underlying data) It uses the standard XSLT stylesheet transformation
mechanism and, being written in plain ANSI C, is designed to be simple to
incorporate into other applications
Anthony de Almeida Lopes reported the libxslt library did not properly
process long βtransformation matchβ conditions in the XSL stylesheet files.
An attacker could create a malicious XSL file that would cause a crash, or,
possibly, execute and arbitrary code with the privileges of the application
using libxslt library to perform XSL transformations. (CVE-2008-1767)
All users are advised to upgrade to these updated packages, which contain a
backported patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-May/077082.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077083.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077084.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077085.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077091.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077092.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077095.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077096.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077098.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077100.html
Affected packages:
libxslt
libxslt-devel
libxslt-python
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0287
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 3 | i386 | libxslt | <Β 1.0.33-6 | libxslt-1.0.33-6.i386.rpm |
| CentOS | 3 | i386 | libxslt-devel | <Β 1.0.33-6 | libxslt-devel-1.0.33-6.i386.rpm |
| CentOS | 3 | i386 | libxslt-python | <Β 1.0.33-6 | libxslt-python-1.0.33-6.i386.rpm |
| CentOS | 3 | i386 | libxslt | <Β 1.0.33-6 | libxslt-1.0.33-6.i386.rpm |
| CentOS | 3 | x86_64 | libxslt | <Β 1.0.33-6 | libxslt-1.0.33-6.x86_64.rpm |
| CentOS | 3 | x86_64 | libxslt-devel | <Β 1.0.33-6 | libxslt-devel-1.0.33-6.x86_64.rpm |
| CentOS | 3 | x86_64 | libxslt-python | <Β 1.0.33-6 | libxslt-python-1.0.33-6.x86_64.rpm |
| CentOS | 5 | i386 | libxslt | <Β 1.1.17-2.el5_1.1 | libxslt-1.1.17-2.el5_1.1.i386.rpm |
| CentOS | 5 | i386 | libxslt-devel | <Β 1.1.17-2.el5_1.1 | libxslt-devel-1.1.17-2.el5_1.1.i386.rpm |
| CentOS | 5 | i386 | libxslt-python | <Β 1.1.17-2.el5_1.1 | libxslt-python-1.1.17-2.el5_1.1.i386.rpm |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.7%