(RHSA-2008:0649) Moderate: libxslt security update

2008-07-31T04:00:00
ID RHSA-2008:0649
Type redhat
Reporter RedHat
Modified 2017-09-08T11:56:01

Description

libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism.

A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935)

Red Hat would like to thank Chris Evans for reporting this vulnerability.

All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.