Mandriva has issued an advisory for this today (March 1): http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:028 Cauldron is likely affected as well.
CC: (none) => fundawang, mageia, pterjan
Looks like Funda Wang took care of Cauldron.
Patched packages uploaded.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

libxslt allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3970).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:028
========================

Updated packages in core/updates_testing:
========================
libxslt1-1.1.26-5.1.mga1
libxslt-devel-1.1.26-5.1.mga1
python-libxslt-1.1.26-5.1.mga1
xsltproc-1.1.26-5.1.mga1

from libxslt-1.1.26-5.1.mga1.src.rpm
Assignee: bugsquad => qa-bugs
Blocks: (none) => 4839
As per the reference, the denial of service POC has not been disclosed, so just testing that chromium-browser still works with xhtml pages. Testing complete on i586 for the srpm libxslt-1.1.26-5.1.mga1.src.rpm
CC: (none) => davidwhodgins
Tested x86_64 with chromium-browser and tests from http://tantek.com/XHTML/Test/

Tested xsltproc by following here: http://www.w3schools.com/xsl/xsl_transformation.asp
created cdcatalog.xml and cdcatalog.xsl then used

$ xsltproc cdcatalog.xsl cdcatalog.xml
<html><body>
<h2>My CD Collection</h2>
<table border="1">
<tr bgcolor="#9acd32">
<th>Title</th>
<th>Artist</th>
</tr>
<tr>
<td>Empire Burlesque</td>
<td>Bob Dylan</td>
</tr>
</table>
</body></html>

For python-xslt used the script from http://lab.usgin.org/groups/etl-debug-blog/xslt-transformations-python-through-gnome-libxml-c-parser
Modified the variables to use the cdcatalog.xsl and cdcatalog.xml and output.xml

$ python libxml_xslt_transform_example.py

Generates the same html above in stdout and saves it to the output.xml file.

I'll create a page on the wiki for this for next time.
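The xsltproc smoke test above, packaged as a self-contained script so it can be re-run for the next libxslt update without retyping the files by hand. This is an added example, not part of the bug report and not Mageia QA's own script. The cdcatalog.xml and cdcatalog.xsl contents are constructed here to match the W3Schools walkthrough the comment cites (the report shows only the output, so the inputs are an assumption); the expected rows are the ones printed in the comment. The script writes the inputs to a temporary directory, runs xsltproc, and compares the whitespace-stripped output against the expected rows; it returns 2 rather than failing when xsltproc is not installed, so it can be dropped into a larger QA run that should skip rather than break on a box without the package.

```shell
#!/bin/sh
# Added example (not from the bug report): reproduce the xsltproc smoke test
# from the W3Schools cdcatalog walkthrough as a stand-alone script.
# The two input files are constructed inline (assumed to match the tutorial);
# the expected output is the table shown in the QA comment.

write_inputs() {
  dir="$1"
  cat > "$dir/cdcatalog.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<catalog>
  <cd>
    <title>Empire Burlesque</title>
    <artist>Bob Dylan</artist>
  </cd>
</catalog>
EOF
  cat > "$dir/cdcatalog.xsl" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
  <html>
  <body>
    <h2>My CD Collection</h2>
    <table border="1">
      <tr bgcolor="#9acd32">
        <th>Title</th>
        <th>Artist</th>
      </tr>
      <xsl:for-each select="catalog/cd">
      <tr>
        <td><xsl:value-of select="title"/></td>
        <td><xsl:value-of select="artist"/></td>
      </tr>
      </xsl:for-each>
    </table>
  </body>
  </html>
</xsl:template>
</xsl:stylesheet>
EOF
}

# Returns 0 if xsltproc produced the expected heading and table row,
# 2 if xsltproc is not installed (test skipped), 1 on any failure or mismatch.
run_xslt_smoke_test() {
  command -v xsltproc >/dev/null 2>&1 || return 2
  dir=$(mktemp -d) || return 1
  write_inputs "$dir"
  out=$(xsltproc "$dir/cdcatalog.xsl" "$dir/cdcatalog.xml") || { rm -rf "$dir"; return 1; }
  rm -rf "$dir"
  # Strip all whitespace so the check does not depend on xsltproc's indentation.
  compact=$(printf '%s' "$out" | tr -d ' \n\t')
  case "$compact" in
    *'<h2>MyCDCollection</h2>'*'<td>EmpireBurlesque</td><td>BobDylan</td>'*) return 0 ;;
    *) return 1 ;;
  esac
}

run_xslt_smoke_test
case $? in
  0) echo "xsltproc: OK" ;;
  2) echo "xsltproc: not installed, skipped" ;;
  *) echo "xsltproc: FAILED"; exit 1 ;;
esac
```

Run it after installing the xsltproc package from core/updates_testing; a zero exit means the transform still produces the same table as before the update, which is all this test can show, since the CVE-2011-3970 trigger input has not been disclosed.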
Validating Advisory and SRPM in comment 2

Could sysadmin please push from core/updates_testing to core/updates

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED