Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

libxslt vulnerabilities

Related Vulnerabilities: CVE-2011-1202   CVE-2011-3970   CVE-2012-2825   CVE-2012-2870   CVE-2012-2871   CVE-2012-2893  

Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file.

Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)

Source

4 October 2012

libxslt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary

Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file.

Software Description

  • libxslt - XSLT processing library

Details

Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)

It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2011-3970)

Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2825)

Nicholas Gregoire discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2870)

Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2871)

Cris Neckar discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2893)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS
libxslt1.1 - 1.1.26-8ubuntu1.2
Ubuntu 11.10
libxslt1.1 - 1.1.26-7ubuntu0.1
Ubuntu 11.04
libxslt1.1 - 1.1.26-6ubuntu0.1
Ubuntu 10.04 LTS
libxslt1.1 - 1.1.26-1ubuntu1.1
Ubuntu 8.04 LTS
libxslt1.1 - 1.1.22-1ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started