[SECURITY] [DLA 1860-1] libxslt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libxslt
Version : 1.1.28-2+deb8u5
CVE ID : CVE-2016-4609 CVE-2016-4610 CVE-2019-13117
CVE-2019-13118
Debian Bug : 932321 932320
Several vulnerabilities were found in libxslt the XSLT 1.0 processing
library.
CVE-2016-4610
Invalid memory access leading to DoS at exsltDynMapFunction. libxslt
allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
CVE-2016-4609
Out-of-bounds read at xmlGetLineNoInternal()
libxslt allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
CVE-2019-13117
An xsl:number with certain format strings could lead to an
uninitialized read in xsltNumberFormatInsertNumbers. This could
allow an attacker to discern whether a byte on the stack contains
the characters A, a, I, i, or 0, or any other character.
CVE-2019-13118
A type holding grouping characters of an xsl:number instruction was
too narrow and an invalid character/length combination could be
passed to xsltNumberFormatDecimal, leading to a read of
uninitialized stack data.
For Debian 8 "Jessie", these problems have been fixed in version
1.1.28-2+deb8u5.
We recommend that you upgrade your libxslt packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl014W9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSTsQ/+NTZjxFPjyvu2HBjwQA1AzvJt9kL1lTWOb3AAeqyG3nwiZyzZdiW4hdMq
uqEMWy1uTfXap+HezGWPQ0xgzOxZpBelhAL8tgyMiHnOd6UPyEC5AKM5Ta1liZQY
3ndpZuAzOlbXrSqv0Z3QxrqmdQoqHFS+//9W+6EeVI/4iBtWxZAnl9G1Jxwhgt9Q
TDGhvFkzg7J2K5Am39pFVOrdRW+3AVOCP5cxyRqmn5SHrNhtdfwEL7vcFJ3V4pVM
1x4yeIppnz5Z+wJqLB9slzgvphvYzjQ/SEOyDBGvRahhaK/fZxRUb6sNbKm//sTC
T0iu30Xo2XJd+pKXP4Ebpg+QMTdhUquIKLaV78aEsuInaYcsIZwV75fENLurSsgy
BgnQI5VhpXWoYdmdokoPW+qcycLmUeDH/C3UX9LAsvFSsx494qhTN5LYC+jZqVIP
1KzfifQLAjxSzrZzGOzWe9rkQsALQtQQ8wpaw5fWytOC2QoJu+uBrNn2rvx2ikPv
5fvpAtrVyIq6ceu0Fptvwo6ePEfkw7ctd5PGxQW0m0kKpPlH8TB4AKdbBH0PIv1b
FuRVAvVSuperwkhUWNwpzcCNrJpm9Yws96ZsKjRe2P4FAf8iZvU5Lc4dnZAwJ860
lc4LywM+8vfcZNb3SPXU7Hsl4Zev7ie/UnSKualUonNyhVykI1o=
=FavF
-----END PGP SIGNATURE-----
Reply to: