[SECURITY] [DLA 1756-1] libxslt security update



Package        : libxslt
Version        : 1.1.28-2+deb8u4
CVE ID         : CVE-2019-11068
Debian Bug     : #926895

It was discovered that there was an authentication bypass
vulnerability in libxslt, a widely-used library for transforming
files from XML to other arbitrary formats.

The xsltCheckRead and xsltCheckWrite routines permitted access upon
receiving a -1 error code and (as xsltCheckRead returned -1 for a
specially-crafted URL that is not actually invalid) the attacker was
subsequently authenticated.

For Debian 8 "Jessie", this issue has been fixed in libxslt version
1.1.28-2+deb8u4.

We recommend that you upgrade your libxslt packages.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
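
The fail-open pattern described in the advisory, shown beside a fail-closed caller. This is an added example, not libxslt code: check_read, the two load_* callers, the toy parser rule and the allowed path are all hypothetical, and the sample URLs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state policy check such as the
 * xsltCheckRead named in the advisory: 1 = allowed, 0 = denied, -1 = error. */
static const char ALLOWED[] = "file:///srv/public/";   /* assumed policy */

static int check_read(const char *url)
{
    /* Toy parser (assumption): a URL containing a space cannot be
     * parsed, so no policy decision is reached at all. */
    if (url == NULL || strchr(url, ' ') != NULL)
        return -1;
    return strncmp(url, ALLOWED, sizeof ALLOWED - 1) == 0 ? 1 : 0;
}

/* Fail-open caller: only an explicit 0 blocks the load, so an
 * error (-1) falls through and the resource is loaded. */
static int load_fail_open(const char *url)
{
    if (check_read(url) == 0)
        return 0;               /* refused */
    return 1;                   /* loaded */
}

/* Fail-closed caller: anything but a positive "allowed" is refused. */
static int load_fail_closed(const char *url)
{
    if (check_read(url) <= 0)
        return 0;               /* refused, including on error */
    return 1;                   /* loaded */
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *urls[] = {
        "file:///srv/public/style.xsl",
        "file:///etc/hostname",
        "file:///etc/host name",    /* makes the toy parser error out */
    };
    for (size_t i = 0; i < sizeof urls / sizeof urls[0]; i++)
        printf("%-30s check=%2d fail-open=%d fail-closed=%d\n", urls[i],
               check_read(urls[i]), load_fail_open(urls[i]),
               load_fail_closed(urls[i]));
    return 0;
}
```

When auditing callers of a check that returns allowed, denied or error, any comparison against 0 alone deserves a second look.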
