| Summary: | libxslt new security issue CVE-2012-2825 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, stormi-mageia, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/507084/ | ||
| Whiteboard: | MGA1TOO MGA2-32-OK MGA1-32-OK MGA2-64-OK MGA1-64-OK | ||
| Source RPM: | libxslt-1.1.26-6.20120127.1.mga2.src.rpm | CVE: | |
| Status comment: | |||
| Attachments: | zip of files for testing | ||
Description
David Walser
2012-07-18 00:17:00 CEST
David Walser
2012-07-18 00:17:06 CEST
Whiteboard: (none) => MGA1TOO

Created attachment 2568 [details]
zip of files for testing

Files created based on http://www.w3.org/TR/xslt#section-Examples

Testing complete on Mageia 2 i586.

    $ xsltproc my.style my.dtd
    <?xml version="1.0" encoding="iso-8859-1"?>
    <html xmlns="http://www.w3.org/TR/xhtml1/strict">
    <head>
    <title>Document Title</title>
    </head>
    <body>
    <h1>Document Title</h1>
    <h2>Chapter Title</h2>
    <h3>Section Title</h3>
    <p>This is a test.</p>
    <p class="note"><b>NOTE: </b>This is a note.</p>
    <h3>Another Section Title</h3>
    <p>This is <em>another</em> test.</p>
    <p class="note"><b>NOTE: </b>This is another note.</p>
    </body>
    </html>

I'll test Mageia 1 i586 shortly.

CC: (none) => davidwhodgins

Testing complete on Mageia 1 i586

Whiteboard: MGA1TOO MGA2-32-OK => MGA1TOO MGA2-32-OK MGA1-32-OK

Testing ok using Dave's procedure and files, on Mageia 2 64 bits

CC: (none) => stormi

Mandriva has issued an advisory for this today (July 23):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:109

I just noticed a mistake in my advisory, so reposting it now.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

The XSL implementation in libxslt 1.1.26 and earlier allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors (CVE-2012-2825).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://lists.opensuse.org/opensuse-updates/2012-07/msg00033.html

========================

Updated packages in core/updates_testing:

========================

xsltproc-1.1.26-5.2.mga1
libxslt1-1.1.26-5.2.mga1
python-libxslt-1.1.26-5.2.mga1
libxslt-devel-1.1.26-5.2.mga1
xsltproc-1.1.26-6.20120127.2.mga2
libxslt1-1.1.26-6.20120127.2.mga2
python-libxslt-1.1.26-6.20120127.2.mga2
libxslt-devel-1.1.26-6.20120127.2.mga2

from SRPMS:
libxslt-1.1.26-5.2.mga1.src.rpm
libxslt-1.1.26-6.20120127.2.mga2.src.rpm

Testing complete on Mageia 1 64 bits.

Update validated.

See comment #5 for advisory and packages.

No linking required.

Thanks!

Keywords: (none) => validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0180

Status: NEW => RESOLVED