Tuesday, April 2, 2013

[USN-1784-1] libxslt vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRWs5fAAoJEGVp2FWnRL6TaFoQAJepsgd+kegTAiS/0vpdFes6
3TvInwwtdafM8nHeqARQO38whWif7eHmakF9ouCZwNE4NYzcGpx1shxNigtpG6bA
f8Wsl3iNXAy1WaEQ1lEQYIIfkaZWyEIepQg/DHBmVUXbWZMqKwLi8t2bZD6iiEPQ
ZUcXhvsbNtUJJvbhc+E+xoDfu30jvp2YsxBEvU9wdlflgEoOJwhZ9NZnZ8BWoGC9
KTs+izR+ncA6S9YvHuf3naZcqlpcKIkltvTcBGhd5udta4zuOjY1sNhzueh3iyDm
WAKndRoHux41GbV0BKmbO1haYEaWO4sSIgi0g1KTbMTTfFtJTOzGDq3SKmvPF1Ch
MYl4LCX2xD9ICAfG8/SmFTNvNNuX2uyxSzuItjaIVM7SiDdQsOr2ablgfKUA8XjV
rSAlk6nXvms5UxdeVkGGkxVfixU3FAI3XALBzMAkyHkeVhPoYqDu8L1lSXumuu+N
y9eIRcxZmJQJdeq+ZTYz/cgMzcfyY2imbymRyV1+Vr2Gvd/58i0YKgDkyCtJ6cg7
KkVvaAAORcNb4vq0xlZfLKp5hABBCQy9WTJqDhGT0635k05L11Waw8vD4REIDvMn
NbzyewEdw5F39h/915hHkjlICvh7rmEaJ9ZGNLNYsdKjn/XAfYrf+vSQ6awkIBqN
xQ2QlXYALug4RGEU3X/t
=skl8
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1784-1
April 02, 2013

libxslt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Applications using libxslt could be made to crash if they processed a
specially crafted file.

Software Description:
- libxslt: XSLT processing library

Details:

Nicholas Gregoire discovered that libxslt incorrectly handled certain empty
values. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could cause libxslt to
crash, causing a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libxslt1.1 1.1.26-14ubuntu0.1

Ubuntu 12.04 LTS:
libxslt1.1 1.1.26-8ubuntu1.3

Ubuntu 11.10:
libxslt1.1 1.1.26-7ubuntu0.2

Ubuntu 10.04 LTS:
libxslt1.1 1.1.26-1ubuntu1.2

Ubuntu 8.04 LTS:
libxslt1.1 1.1.22-1ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1784-1
CVE-2012-6139

Package Information:
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-14ubuntu0.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.3
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-7ubuntu0.2
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-1ubuntu1.2
https://launchpad.net/ubuntu/+source/libxslt/1.1.22-1ubuntu1.4

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)