Bug 7714

Summary: libxslt new security issue CVE-2012-2893
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: sysadmin-bugs, tmb, wassi
Version: 2 Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/518619/
Whiteboard: MGA1TOO has_procedure mga2-32-OK mga2-64-OK mga1-32-OK mga1-64-OK
Source RPM: libxslt CVE:
Status comment:

Description David Walser 2012-10-04 22:23:19 CEST
Ubuntu has issued an advisory today (October 4):
http://www.ubuntu.com/usn/usn-1595-1/

Patched packages uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

Double free vulnerability in libxslt allows remote attackers to cause a
denial of service or possibly have unspecified other impact via vectors
related to XSL transforms (CVE-2012-2893).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893
http://www.ubuntu.com/usn/usn-1595-1/
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.26-5.4.mga1
libxslt1-1.1.26-5.4.mga1
python-libxslt-1.1.26-5.4.mga1
libxslt-devel-1.1.26-5.4.mga1
xsltproc-1.1.26-6.20120127.4.mga2
libxslt1-1.1.26-6.20120127.4.mga2
python-libxslt-1.1.26-6.20120127.4.mga2
libxslt-devel-1.1.26-6.20120127.4.mga2

from SRPMS:
libxslt-1.1.26-5.4.mga1.src.rpm
libxslt-1.1.26-6.20120127.4.mga2.src.rpm

David Walser 2012-10-04 22:23:30 CEST

Whiteboard: (none) => MGA1TOO

Comment 1 user7 2012-10-04 22:40:56 CEST
Testing procedure can be found on our wiki: https://wiki.mageia.org/en/QA_procedure:Libxslt

CC: (none) => wassi
Whiteboard: MGA1TOO => MGA1TOO has_procedure

Comment 2 claire robinson 2012-10-05 12:45:25 CEST
Testing complete mga2 32

Whiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure mga2-32-OK

Comment 3 claire robinson 2012-10-05 12:48:05 CEST
testing complete mga2 64

Whiteboard: MGA1TOO has_procedure mga2-32-OK => MGA1TOO has_procedure mga2-32-OK mga2-64-OK

Comment 4 claire robinson 2012-10-05 12:55:30 CEST
mga1 32 ok

Whiteboard: MGA1TOO has_procedure mga2-32-OK mga2-64-OK => MGA1TOO has_procedure mga2-32-OK mga2-64-OK mga1-32-OK

Comment 5 claire robinson 2012-10-05 13:05:28 CEST
mga2-64-OK

Validating

Advisory and srpms in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
Whiteboard: MGA1TOO has_procedure mga2-32-OK mga2-64-OK mga1-32-OK => MGA1TOO has_procedure mga2-32-OK mga2-64-OK mga1-32-OK mga1-64-OK

Comment 6 Thomas Backlund 2012-10-06 17:23:16 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0283

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED