Bug 17040

Summary: libxslt new security issue CVE-2015-7995
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/663516/
Whiteboard: has_procedure MGA5-32-OK advisory
Source RPM: libxslt-1.1.28-8.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-10-28 18:13:59 CET 
A CVE was assigned for a DoS issue in libxslt:
http://openwall.com/lists/oss-security/2015/10/28/4

The RedHat bug has the patch and a reproducer PoC:
https://bugzilla.redhat.com/show_bug.cgi?id=1257962

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

A type confusion vulnerability in libxslt in xsltStylePreCompute() in
preproc.c can lead to a denial of service (CVE-2015-7995).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995
http://openwall.com/lists/oss-security/2015/10/28/4
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.28-8.1.mga5
libxslt1-1.1.28-8.1.mga5
python-libxslt-1.1.28-8.1.mga5
libxslt-devel-1.1.28-8.1.mga5

from libxslt-1.1.28-8.1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2015-11-02 15:20:46 CET 
Procedure: https://wiki.mageia.org/en/QA_procedure:Libxslt

Whiteboard: (none) => has_procedure

Comment 2 David Walser 2015-11-03 21:14:26 CET 
Tested the xsltproc procedure from Comment 1 on Mageia 5 i586, verified OK.

Also confirmed the segmentation fault in the PoC before the update.  After the update it errored out as follows:
$ xsltproc poc
compilation error: file poc line 3 element attribute
XSLT-attribute: The attribute 'name' is missing.
compilation error: file poc line 3 element attribute
xsltParseStylesheetProcess : document is not a stylesheet

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Dave Hodgins 2015-11-05 22:22:03 CET

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2015-11-05 23:47:04 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0432.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-11-06 18:26:28 CET

URL: (none) => http://lwn.net/Vulnerabilities/663516/