MGASA-2013-0107
| Date: | April 4th, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated libxslt packages fix security vulnerability:
Nicholas Gregoire discovered that libxslt incorrectly handled certain
empty values. If a user or automated system were tricked into processing
a specially crafted XSLT document, a remote attacker could cause libxslt
to crash, causing a denial of service (CVE-2012-6139).
Updated Packages:
i586:
libxslt1-1.1.26-6.20120127.5.mga2.i586.rpm
libxslt-devel-1.1.26-6.20120127.5.mga2.i586.rpm
python-libxslt-1.1.26-6.20120127.5.mga2.i586.rpm
xsltproc-1.1.26-6.20120127.5.mga2.i586.rpm
libxslt-debug-1.1.26-6.20120127.5.mga2.i586.rpm
x86_64:
lib64xslt1-1.1.26-6.20120127.5.mga2.x86_64.rpm
lib64xslt-devel-1.1.26-6.20120127.5.mga2.x86_64.rpm
python-libxslt-1.1.26-6.20120127.5.mga2.x86_64.rpm
xsltproc-1.1.26-6.20120127.5.mga2.x86_64.rpm
libxslt-debug-1.1.26-6.20120127.5.mga2.x86_64.rpm
SRPMS:
libxslt-1.1.26-6.20120127.5.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139
http://www.ubuntu.com/usn/usn-1784-1/
https://bugs.mageia.org/show_bug.cgi?id=9592
