SUSE-SU-2017:1282-1
Vulnerability Summary
Description
Security update for libxslt

This update for libxslt fixes the following issues:
- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page (bsc#1035905).
- CVE-2016-4738: Fix a heap over-read in xsltFormatNumberConversion: an empty decimal separator could cause a heap over-read, which can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591).
- CVE-2015-9019: Properly initialize the random generator (bsc#934119).
- CVE-2015-7995: A vulnerability in the function xsltStylePreCompute in preproc.c could cause a type confusion leading to a denial of service (DoS) (bsc#952474).
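The missing check behind the first item, shown on a hypothetical growing text buffer (an added example, not libxslt's code; `text_buf`, `text_buf_append` and `demo_append` are assumed names): the size needed for the new text is validated before it is computed, so a length that would wrap the sum is rejected instead of yielding an undersized allocation followed by an out-of-bounds write.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growing text buffer (assumed names, not libxslt's structures). */
typedef struct {
    char *buf;
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
} text_buf;

/* Append n bytes of s. Returns 0 on success, -1 on overflow or OOM. The needed
 * size len + n + 1 is validated before it is computed, the check the advisory
 * says was missing for CVE-2017-5029: a wrapped sum would make realloc() hand
 * back a tiny block that the following memcpy() then writes past. */
int text_buf_append(text_buf *tb, const char *s, size_t n)
{
    if (n > SIZE_MAX - 1 - tb->len)      /* len + n + 1 would wrap around */
        return -1;
    size_t need = tb->len + n + 1;
    if (need > tb->cap) {
        size_t newcap = tb->cap ? tb->cap : 16;
        while (newcap < need)             /* grow geometrically, never wrap */
            newcap = (newcap > SIZE_MAX / 2) ? need : newcap * 2;
        char *p = realloc(tb->buf, newcap);
        if (p == NULL)
            return -1;
        tb->buf = p;
        tb->cap = newcap;
    }
    memcpy(tb->buf + tb->len, s, n);
    tb->len += n;
    tb->buf[tb->len] = '\0';
    return 0;
}

/* Driver on constructed input: two valid appends, then one whose length would
 * wrap the size calculation. Returns the final length (11) when the oversized
 * append is rejected and the buffer left intact, 0 otherwise. */
size_t demo_append(void)
{
    text_buf tb = {NULL, 0, 0};
    text_buf_append(&tb, "hello", 5);
    text_buf_append(&tb, " world", 6);
    int rc = text_buf_append(&tb, "x", SIZE_MAX);
    size_t len = (rc == -1 && strcmp(tb.buf, "hello world") == 0) ? tb.len : 0;
    free(tb.buf);
    return len;
}
```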
Affected Systems
- libxslt-python (SUSE Linux Enterprise Software Development Kit 11 SP4): < 1.1.24-19.33.3
- libxslt (SUSE Linux Enterprise Server 11 SP4): < 1.1.24-19.33.1
- libxslt (SUSE Linux Enterprise Server for SAP Applications 11 SP4): < 1.1.24-19.33.1
- libxslt (SUSE Linux Enterprise Software Development Kit 11 SP4): < 1.1.24-19.33.1
References (9)
- https://www.suse.com/support/update/announcement/2017/suse-su-20171282-1/
- https://bugzilla.suse.com/1005591
- https://bugzilla.suse.com/1035905
- https://bugzilla.suse.com/934119
- https://bugzilla.suse.com/952474
- https://www.suse.com/security/cve/CVE-2015-7995
- https://www.suse.com/security/cve/CVE-2015-9019
- https://www.suse.com/security/cve/CVE-2016-4738
- https://www.suse.com/security/cve/CVE-2017-5029