Bug 17040 - libxslt new security issue CVE-2015-7995
Summary: libxslt new security issue CVE-2015-7995
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/663516/
Whiteboard: has_procedure MGA5-32-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-10-28 18:13 CET by David Walser
Modified: 2015-11-06 18:26 CET (History)
2 users (show)

See Also:
Source RPM: libxslt-1.1.28-8.mga5.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2015-10-28 18:13:59 CET
A CVE was assigned for a DoS issue in libxslt:
http://openwall.com/lists/oss-security/2015/10/28/4

The RedHat bug has the patch and a reproducer PoC:
https://bugzilla.redhat.com/show_bug.cgi?id=1257962

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

A type confusion vulnerability in libxslt in xsltStylePreCompute() in
preproc.c can lead to a denial of service (CVE-2015-7995).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995
http://openwall.com/lists/oss-security/2015/10/28/4
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.28-8.1.mga5
libxslt1-1.1.28-8.1.mga5
python-libxslt-1.1.28-8.1.mga5
libxslt-devel-1.1.28-8.1.mga5

from libxslt-1.1.28-8.1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2015-11-02 15:20:46 CET
Procedure: https://wiki.mageia.org/en/QA_procedure:Libxslt

Whiteboard: (none) => has_procedure

Comment 2 David Walser 2015-11-03 21:14:26 CET
Tested the xsltproc procedure from Comment 1 on Mageia 5 i586, verified OK.

Also confirmed the segmentation fault in the PoC before the update.  After the update it errored out as follows:
$ xsltproc poc
compilation error: file poc line 3 element attribute
XSLT-attribute: The attribute 'name' is missing.
compilation error: file poc line 3 element attribute
xsltParseStylesheetProcess : document is not a stylesheet

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Dave Hodgins 2015-11-05 22:22:03 CET

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2015-11-05 23:47:04 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0432.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-11-06 18:26:28 CET

URL: (none) => http://lwn.net/Vulnerabilities/663516/


Note You need to log in before you can comment on or make changes to this bug.