Bug 7714 - libxslt new security issue CVE-2012-2893
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: All Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/518619/
Whiteboard: MGA1TOO has_procedure mga2-32-OK mga2...
Keywords: validated_update

Reported: 2012-10-04 22:23 CEST by David Walser
Modified: 2012-10-06 17:23 CEST
Source RPM: libxslt

Description David Walser 2012-10-04 22:23:19 CEST
Ubuntu has issued an advisory today (October 4):
http://www.ubuntu.com/usn/usn-1595-1/

Patched packages uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

Double free vulnerability in libxslt allows remote attackers to cause a
denial of service or possibly have unspecified other impact via vectors
related to XSL transforms (CVE-2012-2893).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893
http://www.ubuntu.com/usn/usn-1595-1/
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.26-5.4.mga1
libxslt1-1.1.26-5.4.mga1
python-libxslt-1.1.26-5.4.mga1
libxslt-devel-1.1.26-5.4.mga1
xsltproc-1.1.26-6.20120127.4.mga2
libxslt1-1.1.26-6.20120127.4.mga2
python-libxslt-1.1.26-6.20120127.4.mga2
libxslt-devel-1.1.26-6.20120127.4.mga2

from SRPMS:
libxslt-1.1.26-5.4.mga1.src.rpm
libxslt-1.1.26-6.20120127.4.mga2.src.rpm
Comment 1 user7 2012-10-04 22:40:56 CEST
Testing procedure can be found on our wiki: https://wiki.mageia.org/en/QA_procedure:Libxslt
Comment 2 claire robinson 2012-10-05 12:45:25 CEST
Testing complete mga2 32
Comment 3 claire robinson 2012-10-05 12:48:05 CEST
testing complete mga2 64
Comment 4 claire robinson 2012-10-05 12:55:30 CEST
mga1 32 ok
Comment 5 claire robinson 2012-10-05 13:05:28 CEST
mga2-64-OK

Validating

Advisory and srpms in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 6 Thomas Backlund 2012-10-06 17:23:16 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0283
