[SECURITY] [DLA 866-1] libxslt security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 866-1] libxslt security update
From: Raphael Hertzog <hertzog@debian.org>
Date: Thu, 23 Mar 2017 14:20:26 +0100
Message-id: <[🔎] 20170323132026.akme554hyceacqc6@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, debian-lts-announce@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : libxslt
Version        : 1.1.26-14.1+deb7u3
CVE ID         : CVE-2017-5029
Debian Bug     : 858546

libxslt is vulnerable to an integer overflow in the xsltAddTextString
function that can be exploited to trigger an out of bounds write on 64-bit
systems.

For Debian 7 "Wheezy", this problem has been fixed in version
1.1.26-14.1+deb7u3.

We recommend that you upgrade your libxslt packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 865-1] suricata security update
Next by Date: [SECURITY] [DLA 867-1] audiofile security update
Previous by thread: [SECURITY] [DLA 865-1] suricata security update
Next by thread: [SECURITY] [DLA 867-1] audiofile security update
Index(es):
- Date
- Thread