(RHSA-2020:4005) Moderate: libxslt security update

2020-09-2907:50:58

access.redhat.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

Security Fix(es):

libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068)
libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64libxslt-debuginfo< 1.1.28-6.el7libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm
RedHat7s390xlibxslt-python< 1.1.28-6.el7libxslt-python-1.1.28-6.el7.s390x.rpm
RedHat7s390xlibxslt-devel< 1.1.28-6.el7libxslt-devel-1.1.28-6.el7.s390x.rpm
RedHat7s390libxslt< 1.1.28-6.el7libxslt-1.1.28-6.el7.s390.rpm
RedHat7i686libxslt< 1.1.28-6.el7libxslt-1.1.28-6.el7.i686.rpm
RedHat7ppclibxslt-debuginfo< 1.1.28-6.el7libxslt-debuginfo-1.1.28-6.el7.ppc.rpm
RedHat7x86_64libxslt-python< 1.1.28-6.el7libxslt-python-1.1.28-6.el7.x86_64.rpm
RedHat7s390xlibxslt-debuginfo< 1.1.28-6.el7libxslt-debuginfo-1.1.28-6.el7.s390x.rpm
RedHat7ppc64lelibxslt-devel< 1.1.28-6.el7libxslt-devel-1.1.28-6.el7.ppc64le.rpm
RedHat7ppc64libxslt< 1.1.28-6.el7libxslt-1.1.28-6.el7.ppc64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	libxslt-debuginfo	< 1.1.28-6.el7	libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm
RedHat	7	s390x	libxslt-python	< 1.1.28-6.el7	libxslt-python-1.1.28-6.el7.s390x.rpm
RedHat	7	s390x	libxslt-devel	< 1.1.28-6.el7	libxslt-devel-1.1.28-6.el7.s390x.rpm
RedHat	7	s390	libxslt	< 1.1.28-6.el7	libxslt-1.1.28-6.el7.s390.rpm
RedHat	7	i686	libxslt	< 1.1.28-6.el7	libxslt-1.1.28-6.el7.i686.rpm
RedHat	7	ppc	libxslt-debuginfo	< 1.1.28-6.el7	libxslt-debuginfo-1.1.28-6.el7.ppc.rpm
RedHat	7	x86_64	libxslt-python	< 1.1.28-6.el7	libxslt-python-1.1.28-6.el7.x86_64.rpm
RedHat	7	s390x	libxslt-debuginfo	< 1.1.28-6.el7	libxslt-debuginfo-1.1.28-6.el7.s390x.rpm
RedHat	7	ppc64le	libxslt-devel	< 1.1.28-6.el7	libxslt-devel-1.1.28-6.el7.ppc64le.rpm
RedHat	7	ppc64	libxslt	< 1.1.28-6.el7	libxslt-1.1.28-6.el7.ppc64.rpm