Bug 20921 - libxslt new security issue CVE-2015-9019
Summary: libxslt new security issue CVE-2015-9019
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-32-OK MGA5-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-05-24 12:24 CEST by David Walser
Modified: 2017-06-12 09:43 CEST

See Also:
Source RPM: libxslt-1.1.29-5.mga6.src.rpm
CVE: CVE-2015-9019
Status comment:



Description David Walser 2017-05-24 12:24:04 CEST
openSUSE has issued an advisory on May 23:
https://lists.opensuse.org/opensuse-updates/2017-05/msg00079.html

We had previously fixed the other issues, but CVE-2015-9019 is a new one.

The SUSE bug has more information on this:
https://bugzilla.suse.com/show_bug.cgi?id=934119

Mageia 5 is also affected.

David Walser 2017-05-24 12:24:12 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Nicolas Lécureuil 2017-05-26 08:53:35 CEST
Fixed in cauldron

Version: Cauldron => 5
CC: (none) => mageia
Whiteboard: MGA5TOO => (none)
CVE: (none) => CVE-2015-9019

Comment 2 Marja Van Waes 2017-05-28 06:07:54 CEST
Assigning to the registered maintainer.

Assignee: bugsquad => shlomif
CC: (none) => marja11

Comment 3 Nicolas Lécureuil 2017-06-01 23:30:57 CEST
pushed in updates_testing:

src.rpm:  libxslt-1.1.29-1.3.mga5

Assignee: shlomif => qa-bugs

Comment 4 David Walser 2017-06-02 03:04:46 CEST
Advisory:
========================

Updated libxslt packages fix security vulnerability:

The libxslt library failed to seed its random number generator, resulting in
predictable random values (CVE-2015-9019).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9019
https://lists.opensuse.org/opensuse-updates/2017-05/msg00079.html
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.29-1.3.mga5
libxslt1-1.1.29-1.3.mga5
python-libxslt-1.1.29-1.3.mga5
libxslt-devel-1.1.29-1.3.mga5

from libxslt-1.1.29-1.3.mga5.src.rpm
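
Added example, not part of the bug thread and not libxslt's code: the failure mode named in the advisory above (a random number generator that is never seeded), shown with the C library's `rand()`, next to one way of seeding it. The function names and the use of `/dev/urandom` are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define N 8  /* values compared per stream */

/* Draw the next N values from the C library generator. */
static void draw(int out[N]) {
    for (int i = 0; i < N; i++) out[i] = rand();
}

/* Must be the first use of rand() in the process. ISO C requires a
 * never-seeded generator to behave as if srand(1) had been called, so every
 * run of an unseeded program gets the same values. Returns 1 on a match. */
int unseeded_matches_seed1(void) {
    int unseeded[N], seed1[N];
    draw(unseeded);               /* no srand() call has happened yet */
    srand(1);
    draw(seed1);
    return memcmp(unseeded, seed1, sizeof unseeded) == 0;
}

/* Seed from the kernel (assumption: /dev/urandom exists, as on Linux).
 * Returns 0 on success, -1 on failure. */
int seed_from_os(void) {
    unsigned int seed;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(&seed, sizeof seed, 1, f);
    fclose(f);
    if (got != 1) return -1;
    srand(seed);
    return 0;
}

/* Returns 1 when the current stream differs from the srand(1) stream. */
int differs_from_seed1(void) {
    int now[N], seed1[N];
    draw(now);
    srand(1);
    draw(seed1);
    return memcmp(now, seed1, sizeof now) != 0;
}

int main(void) {
    printf("unseeded == srand(1): %d\n", unseeded_matches_seed1());
    if (seed_from_os() != 0) { fprintf(stderr, "cannot read /dev/urandom\n"); return 1; }
    printf("OS-seeded differs:    %d\n", differs_from_seed1());
    return 0;
}
```

Seeding removes the run-to-run repetition, but `rand()` is still not a cryptographic generator; values that must be unguessable should come directly from the operating system's random source.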

Comment 5 Herman Viaene 2017-06-05 10:32:01 CEST
MGA5-32 on Asus A6000VM Xfce
No installation issues
Followed test procedure as per bug 20760 Comment 4 (tx Dave), all tests OK.

Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene

Lewis Smith 2017-06-09 21:29:50 CEST

CC: (none) => lewyssmith
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory

Comment 6 David Walser 2017-06-10 15:35:42 CEST
Procedure works fine on Mageia 5 x86_64:
https://wiki.mageia.org/en/QA_procedure:Libxslt

Whiteboard: MGA5-32-OK advisory => MGA5-32-OK MGA5-64-OK advisory

Comment 7 Lewis Smith 2017-06-10 20:47:25 CEST
Thank you both Herman & David for testing this OK. Am validating it.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2017-06-12 09:43:02 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0169.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

