OpenSuSE has issued an advisory today (July 17):
http://lists.opensuse.org/opensuse-updates/2012-07/msg00033.html

Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

The XSL implementation in libxslt 1.1.26 and earlier allows remote attackers to cause a denial of service (incorrect read operation) via an incorrect read operation (CVE-2012-2825).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://lists.opensuse.org/opensuse-updates/2012-07/msg00033.html
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.26-5.2.mga1
libxslt1-1.1.26-5.2.mga1
python-libxslt-1.1.26-5.2.mga1
libxslt-devel-1.1.26-5.2.mga1
xsltproc-1.1.26-6.20120127.2.mga2
libxslt1-1.1.26-6.20120127.2.mga2
python-libxslt-1.1.26-6.20120127.2.mga2
libxslt-devel-1.1.26-6.20120127.2.mga2

from SRPMS:
libxslt-1.1.26-5.2.mga1.src.rpm
libxslt-1.1.26-6.20120127.2.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
Created attachment 2568: zip of files for testing

Files created based on http://www.w3.org/TR/xslt#section-Examples
Testing complete on Mageia 2 i586.

$ xsltproc my.style my.dtd
<?xml version="1.0" encoding="iso-8859-1"?>
<html xmlns="http://www.w3.org/TR/xhtml1/strict">
<head>
<title>Document Title</title>
</head>
<body>
<h1>Document Title</h1>
<h2>Chapter Title</h2>
<h3>Section Title</h3>
<p>This is a test.</p>
<p class="note"><b>NOTE: </b>This is a note.</p>
<h3>Another Section Title</h3>
<p>This is <em>another</em> test.</p>
<p class="note"><b>NOTE: </b>This is another note.</p>
</body>
</html>

I'll test Mageia 1 i586 shortly.
CC: (none) => davidwhodgins
Whiteboard: MGA1TOO => MGA1TOO MGA2-32-OK
Testing complete on Mageia 1 i586
Whiteboard: MGA1TOO MGA2-32-OK => MGA1TOO MGA2-32-OK MGA1-32-OK
Testing ok using Dave's procedure and files, on Mageia 2 64 bits
CC: (none) => stormi
Whiteboard: MGA1TOO MGA2-32-OK MGA1-32-OK => MGA1TOO MGA2-32-OK MGA1-32-OK MGA2-64-OK
Mandriva has issued an advisory for this today (July 23):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:109

I just noticed a mistake in my advisory, so reposting it now.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

The XSL implementation in libxslt 1.1.26 and earlier allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors (CVE-2012-2825).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://lists.opensuse.org/opensuse-updates/2012-07/msg00033.html
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.26-5.2.mga1
libxslt1-1.1.26-5.2.mga1
python-libxslt-1.1.26-5.2.mga1
libxslt-devel-1.1.26-5.2.mga1
xsltproc-1.1.26-6.20120127.2.mga2
libxslt1-1.1.26-6.20120127.2.mga2
python-libxslt-1.1.26-6.20120127.2.mga2
libxslt-devel-1.1.26-6.20120127.2.mga2

from SRPMS:
libxslt-1.1.26-5.2.mga1.src.rpm
libxslt-1.1.26-6.20120127.2.mga2.src.rpm
Testing complete on Mageia 1 64 bits. Update validated. See comment #5 for advisory and packages. No linking required. Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO MGA2-32-OK MGA1-32-OK MGA2-64-OK => MGA1TOO MGA2-32-OK MGA1-32-OK MGA2-64-OK MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0180
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED