RedHat has issued an advisory on September 13: https://rhn.redhat.com/errata/RHSA-2012-1265.html
Whiteboard: (none) => MGA2TOO, MGA1TOO
Their update also fixes CVE-2011-1202, which is not fixed in our Mageia 1 package.
Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory (Mageia 1):
========================

Updated libxslt packages fix security vulnerabilities:

An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections (CVE-2011-1202).

libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c (CVE-2012-2870).

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-2871).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
https://rhn.redhat.com/errata/RHSA-2012-1265.html

Advisory (Mageia 2):
========================

Updated libxslt packages fix security vulnerabilities:

libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c (CVE-2012-2870).

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-2871).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
https://rhn.redhat.com/errata/RHSA-2012-1265.html
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.26-5.3.mga1
libxslt1-1.1.26-5.3.mga1
python-libxslt-1.1.26-5.3.mga1
libxslt-devel-1.1.26-5.3.mga1
xsltproc-1.1.26-6.20120127.3.mga2
libxslt1-1.1.26-6.20120127.3.mga2
python-libxslt-1.1.26-6.20120127.3.mga2
libxslt-devel-1.1.26-6.20120127.3.mga2

from SRPMS:
libxslt-1.1.26-5.3.mga1.src.rpm
libxslt-1.1.26-6.20120127.3.mga2.src.rpm
Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Summary: libxslt new security issues CVE-2012-2870 and CVE-2012-2871 => libxslt new security issues CVE-2011-1202, CVE-2012-2870 and CVE-2012-2871
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
Severity: normal => critical
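Added example, not part of the bug report or Mageia's own tooling: a shell check that classifies an installed package string against the fixed version-release values listed in the update above. The function names and the strings used to exercise it are constructed, and `sort -V` stands in for RPM's own version comparison as an assumption.

```shell
#!/bin/sh
# Added example. Fixed version-release per Mageia release, copied from the
# core/updates_testing list in the comment above.
fixed_evr() {
    case "$1" in
        mga1) echo "1.1.26-5.3.mga1" ;;
        mga2) echo "1.1.26-6.20120127.3.mga2" ;;
        *)    return 1 ;;
    esac
}

# classify NAME-VERSION-RELEASE
# Prints "fixed", "outdated", or "unknown" (not a libxslt package from this
# update, or a release tag the update does not cover).
classify() {
    nvr=$1
    release=${nvr##*-}          # e.g. 5.3.mga1
    rest=${nvr%-*}
    version=${rest##*-}         # e.g. 1.1.26
    name=${rest%-*}             # e.g. python-libxslt
    case "$name" in
        xsltproc|libxslt1|lib64xslt1|python-libxslt|libxslt-devel) ;;
        *) echo unknown; return 0 ;;
    esac
    want=$(fixed_evr "${release##*.}") || { echo unknown; return 0; }
    have="$version-$release"
    # Assumption: GNU sort -V approximates RPM version ordering closely
    # enough for these strings; it is not rpm's own comparison.
    lowest=$(printf '%s\n%s\n' "$have" "$want" | sort -V | head -n 1)
    if [ "$have" = "$want" ] || [ "$lowest" = "$want" ]; then
        echo fixed
    else
        echo outdated
    fi
}

# On a real system, feed it the installed set:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' | while read -r p; do
#       printf '%s %s\n' "$p" "$(classify "$p")"; done
```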
No PoCs that I can find. The CVEs mainly refer to its use in Google Chrome, so testing with chromium-browser with the tests found if you scroll down here: http://greenbytes.de/tech/tc/xslt/
Testing complete Mga2 64 for lib64xslt1, python-libxslt & xsltproc

We have a QA procedure for this on the wiki: https://wiki.mageia.org/en/QA_procedure:Libxslt

$ strace -o strace.out chromium-browser && grep xslt strace.out | grep -v "such file"
open("/usr/lib64/libxslt.so.1", O_RDONLY) = 3

(This line shows it loading the external lib)

Other tests produce html output as per the wiki.
Whiteboard: MGA1TOO => MGA1TOO mga2-64-OK
Whiteboard: MGA1TOO mga2-64-OK => MGA1TOO has_procedure mga2-64-OK
Testing complete Mga1 32
Whiteboard: MGA1TOO has_procedure mga2-64-OK => MGA1TOO has_procedure mga1-32-OK mga2-64-OK
Testing complete mga1-64-OK
Hardware: i586 => All
Whiteboard: MGA1TOO has_procedure mga1-32-OK mga2-64-OK => MGA1TOO has_procedure mga1-32-OK mga1-64-OK mga2-64-OK
Testing complete mga2-32-OK. Everything seems fine.

Regards,
-- Shlomi Fish
CC: (none) => shlomif
Whiteboard: MGA1TOO has_procedure mga1-32-OK mga1-64-OK mga2-64-OK => MGA1TOO has_procedure mga1-32-OK mga1-64-OK mga2-64-OK mga2-32-OK
Thank you Shlomi.

Validating.

See comment 2 for SRPMs and advisories. They are different for mga1 and mga2.

Could sysadmin please push from core/updates_testing to core/updates?

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed:
Mageia 1: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0271
Mageia 2: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0272
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED