Ubuntu has issued an advisory on April 27:
An upstream commit to fix the issue is linked from:
Mageia 5 is also affected.
Fixed in cauldron
pushed in updates_testing
Updated libxslt packages fix security vulnerability:
Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString()
function in Libxslt. An attacker could use this to craft a malicious document
that, when opened, could cause a denial of service (application crash) or
possible execute arbitrary code (CVE-2017-5029).
Updated packages in core/updates_testing:
Advisory committed to svn.
Mageia 5 x86_64 testing ok, based on
though the direct download links are broken, so used copy/paste.
Testing i586 shortly.
Created attachment 9258 [details]
Created attachment 9259 [details]
Created attachment 9260 [details]
Attachments added for reference in the wiki.
Mageia 5 i586 testing ok. Validating the update.
advisory MGA5-64-OK =>
advisory MGA5-64-OK MGA5-32-OKKeywords:
An update for this issue has been pushed to the Mageia Updates repository.