[SECURITY] [DLA 700-1] libxslt security update

2016-11-0513:34:15

lists.debian.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.3%

JSON

Package : libxslt
Version : 1.1.26-14.1+deb7u2
CVE ID : CVE-2016-4738
Debian Bug : 842570

A heap overread bug was found in libxslt, which can cause arbitrary
code execution or denial of service.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.26-14.1+deb7u2.

We recommend that you upgrade your libxslt packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian7amd64python-libxslt1-dbg< 1.1.26-14.1+deb7u2python-libxslt1-dbg_1.1.26-14.1+deb7u2_amd64.deb
Debian8armellibxslt1.1< 1.1.28-2+deb8u2libxslt1.1_1.1.28-2+deb8u2_armel.deb
Debian8arm64libxslt1-dev< 1.1.28-2+deb8u2libxslt1-dev_1.1.28-2+deb8u2_arm64.deb
Debian8s390xlibxslt1-dev< 1.1.28-2+deb8u2libxslt1-dev_1.1.28-2+deb8u2_s390x.deb
Debian8arm64python-libxslt1-dbg< 1.1.28-2+deb8u2python-libxslt1-dbg_1.1.28-2+deb8u2_arm64.deb
Debian8arm64libxslt1-dbg< 1.1.28-2+deb8u2libxslt1-dbg_1.1.28-2+deb8u2_arm64.deb
Debian7armhfpython-libxslt1-dbg< 1.1.26-14.1+deb7u2python-libxslt1-dbg_1.1.26-14.1+deb7u2_armhf.deb
Debian8ppc64elxsltproc< 1.1.28-2+deb8u2xsltproc_1.1.28-2+deb8u2_ppc64el.deb
Debian8mipsellibxslt1-dev< 1.1.28-2+deb8u2libxslt1-dev_1.1.28-2+deb8u2_mipsel.deb
Debian8ppc64ellibxslt1-dev< 1.1.28-2+deb8u2libxslt1-dev_1.1.28-2+deb8u2_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	python-libxslt1-dbg	< 1.1.26-14.1+deb7u2	python-libxslt1-dbg_1.1.26-14.1+deb7u2_amd64.deb
Debian	8	armel	libxslt1.1	< 1.1.28-2+deb8u2	libxslt1.1_1.1.28-2+deb8u2_armel.deb
Debian	8	arm64	libxslt1-dev	< 1.1.28-2+deb8u2	libxslt1-dev_1.1.28-2+deb8u2_arm64.deb
Debian	8	s390x	libxslt1-dev	< 1.1.28-2+deb8u2	libxslt1-dev_1.1.28-2+deb8u2_s390x.deb
Debian	8	arm64	python-libxslt1-dbg	< 1.1.28-2+deb8u2	python-libxslt1-dbg_1.1.28-2+deb8u2_arm64.deb
Debian	8	arm64	libxslt1-dbg	< 1.1.28-2+deb8u2	libxslt1-dbg_1.1.28-2+deb8u2_arm64.deb
Debian	7	armhf	python-libxslt1-dbg	< 1.1.26-14.1+deb7u2	python-libxslt1-dbg_1.1.26-14.1+deb7u2_armhf.deb
Debian	8	ppc64el	xsltproc	< 1.1.28-2+deb8u2	xsltproc_1.1.28-2+deb8u2_ppc64el.deb
Debian	8	mipsel	libxslt1-dev	< 1.1.28-2+deb8u2	libxslt1-dev_1.1.28-2+deb8u2_mipsel.deb
Debian	8	ppc64el	libxslt1-dev	< 1.1.28-2+deb8u2	libxslt1-dev_1.1.28-2+deb8u2_ppc64el.deb