Ubuntu has issued an advisory on April 27:
https://www.ubuntu.com/usn/usn-3271-1/

An upstream commit to fix the issue is linked from:
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html

Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Fixed in cauldron
Whiteboard: MGA5TOO => (none)
CC: (none) => mageia
CVE: (none) => CVE-2017-5029
Version: Cauldron => 5
Pushed in updates_testing
src.rpm: libxslt-1.1.29-1.2.mga5
Assignee: shlomif => qa-bugs
Advisory:
========================

Updated libxslt packages fix security vulnerability:

Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code (CVE-2017-5029).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
https://www.ubuntu.com/usn/usn-3271-1/
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.29-1.2.mga5
libxslt1-1.1.29-1.2.mga5
python-libxslt-1.1.29-1.2.mga5
libxslt-devel-1.1.29-1.2.mga5

from libxslt-1.1.29-1.2.mga5.src.rpm
Advisory committed to svn. Mageia 5 x86_64 testing ok, based on https://wiki.mageia.org/en/QA_procedure:Libxslt though the direct download links are broken, so used copy/paste. Testing i586 shortly.
Whiteboard: (none) => advisory MGA5-64-OK
CC: (none) => davidwhodgins
Created attachment 9258: cdcatalog.xml
Created attachment 9259: cdcatalog.xsl
Created attachment 9260: libxml_xslt_transform_example.py
Attachments added for reference in the wiki.
Mageia 5 i586 testing ok. Validating the update.
Whiteboard: advisory MGA5-64-OK => advisory MGA5-64-OK MGA5-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0125.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED