9592 – libxslt new security issue CVE-2012-6139

Bug 9592 - libxslt new security issue CVE-2012-6139

Summary: libxslt new security issue CVE-2012-6139

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	i586 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/545585/
Whiteboard:	MGA2-64-OK MGA2-32-OK
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2013-04-02 20:44 CEST by David Walser
Modified:	2013-04-04 23:28 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	libxslt-1.1.26-6.20120127.4.mga2.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-04-02 20:44:51 CEST

Ubuntu has issued an advisory today (April 2):
http://www.ubuntu.com/usn/usn-1784-1/

Cauldron is not affected (already fixed upstream in 1.1.28).

Patched package uploaded for Mageia 2.

Patch added to Mageia 1 SVN.

Advisory:
========================

Updated libxslt packages fix security vulnerability:

Nicholas Gregoire discovered that libxslt incorrectly handled certain empty
values. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could cause libxslt to
crash, causing a denial of service (CVE-2012-6139).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139
http://www.ubuntu.com/usn/usn-1784-1/
========================

Updated packages in core/updates_testing:
========================
xsltproc-1.1.26-6.20120127.5.mga2
libxslt1-1.1.26-6.20120127.5.mga2
python-libxslt-1.1.26-6.20120127.5.mga2
libxslt-devel-1.1.26-6.20120127.5.mga2

from libxslt-1.1.26-6.20120127.5.mga2.src.rpm

Reproducible: 

Steps to Reproduce:

Comment 1 David Walser 2013-04-02 20:46:05 CEST

Note to QA: Information about PoCs here:
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6139.html

Comment 2 Dave Hodgins 2013-04-02 23:24:18 CEST

Testing complete on Mageia 2 i586 and x86_64.

Confirmed the segfault is fixed.

Could someone from the sysadmin team push the srpm
libxslt-1.1.26-6.20120127.5.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated libxslt packages fix security vulnerability:

Nicholas Gregoire discovered that libxslt incorrectly handled certain empty
values. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could cause libxslt to
crash, causing a denial of service (CVE-2012-6139).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139
http://www.ubuntu.com/usn/usn-1784-1/

https://bugs.mageia.org/show_bug.cgi?id=9592

Keywords: (none) => validated_update
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Thomas Backlund 2013-04-04 23:28:49 CEST

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.