[SECURITY] [DLA 514-1] libxslt security update

2016-06-1221:50:20

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.2%

JSON

Package : libxslt
Version : 1.1.26-14.1+deb7u1
CVE ID : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684

Several vulnerabilities were found in libxslt.

CVE-2015-7995

A missing type check could cause an application crash via a
especially crafted file.

CVE-2016-1683

An out of bounds heap access bug was found in libxslt.

CVE-2016-1684

There was an integer overflow bug in libxslt that could lead to an
application crash.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.26-14.1+deb7u1.

We recommend that you upgrade your libxslt packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8arm64libxslt1-dev< 1.1.28-2+deb8u1libxslt1-dev_1.1.28-2+deb8u1_arm64.deb
Debian8powerpcpython-libxslt1< 1.1.28-2+deb8u1python-libxslt1_1.1.28-2+deb8u1_powerpc.deb
Debian8powerpclibxslt1-dev< 1.1.28-2+deb8u1libxslt1-dev_1.1.28-2+deb8u1_powerpc.deb
Debian7i386xsltproc< 1.1.26-14.1+deb7u1xsltproc_1.1.26-14.1+deb7u1_i386.deb
Debian7i386libxslt1.1< 1.1.26-14.1+deb7u1libxslt1.1_1.1.26-14.1+deb7u1_i386.deb
Debian7amd64libxslt1-dbg< 1.1.26-14.1+deb7u1libxslt1-dbg_1.1.26-14.1+deb7u1_amd64.deb
Debian8amd64libxslt1-dbg< 1.1.28-2+deb8u1libxslt1-dbg_1.1.28-2+deb8u1_amd64.deb
Debian8amd64chromium< 51.0.2704.63-1~deb8u1chromium_51.0.2704.63-1~deb8u1_amd64.deb
Debian8arm64libxslt1.1< 1.1.28-2+deb8u1libxslt1.1_1.1.28-2+deb8u1_arm64.deb
Debian8i386chromium< 51.0.2704.63-1~deb8u1chromium_51.0.2704.63-1~deb8u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	arm64	libxslt1-dev	< 1.1.28-2+deb8u1	libxslt1-dev_1.1.28-2+deb8u1_arm64.deb
Debian	8	powerpc	python-libxslt1	< 1.1.28-2+deb8u1	python-libxslt1_1.1.28-2+deb8u1_powerpc.deb
Debian	8	powerpc	libxslt1-dev	< 1.1.28-2+deb8u1	libxslt1-dev_1.1.28-2+deb8u1_powerpc.deb
Debian	7	i386	xsltproc	< 1.1.26-14.1+deb7u1	xsltproc_1.1.26-14.1+deb7u1_i386.deb
Debian	7	i386	libxslt1.1	< 1.1.26-14.1+deb7u1	libxslt1.1_1.1.26-14.1+deb7u1_i386.deb
Debian	7	amd64	libxslt1-dbg	< 1.1.26-14.1+deb7u1	libxslt1-dbg_1.1.26-14.1+deb7u1_amd64.deb
Debian	8	amd64	libxslt1-dbg	< 1.1.28-2+deb8u1	libxslt1-dbg_1.1.28-2+deb8u1_amd64.deb
Debian	8	amd64	chromium	< 51.0.2704.63-1~deb8u1	chromium_51.0.2704.63-1~deb8u1_amd64.deb
Debian	8	arm64	libxslt1.1	< 1.1.28-2+deb8u1	libxslt1.1_1.1.28-2+deb8u1_arm64.deb
Debian	8	i386	chromium	< 51.0.2704.63-1~deb8u1	chromium_51.0.2704.63-1~deb8u1_i386.deb