SUSE-SU-2017:1313-1
Vulnerability Summary
Description
Security update for libxslt

This update for libxslt fixes the following issues:
- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page (bsc#1035905).
- CVE-2016-4738: Fix heap over-read in xsltFormatNumberConversion: an empty decimal separator could cause a heap over-read. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591).
- CVE-2015-9019: Properly initialize the random generator (bsc#934119).
- CVE-2015-7995: A vulnerability in the function xsltStylePreCompute in preproc.c could cause a type confusion leading to DoS (bsc#952474).
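The missing check that CVE-2017-5029 describes is an overflow-safe size calculation when appending text to a growing buffer. The following C code is an added illustration, not libxslt's own code: the `text_buf` type and the function names are assumptions, and it shows how the required size is validated before any allocation or copy.

```c
/* Added illustration (not libxslt's code): overflow-checked size
 * calculation when appending text to a growing buffer, the class of
 * check CVE-2017-5029 reports as missing in xsltAddTextString. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char  *data;   /* buffer contents, NUL-terminated */
    size_t len;    /* bytes used, excluding the NUL */
    size_t cap;    /* bytes allocated */
} text_buf;

/* Compute the capacity needed to hold len + add + 1 bytes.
 * Returns 0 and leaves *needed untouched if the sum would wrap;
 * a wrapped sum is what turns a later memcpy into an out-of-bounds write. */
int checked_needed_size(size_t len, size_t add, size_t *needed) {
    if (add > SIZE_MAX - len) return 0;   /* len + add overflows size_t */
    if (len + add == SIZE_MAX) return 0;  /* no room left for the NUL */
    *needed = len + add + 1;
    return 1;
}

/* Append add_len bytes of s; returns 0 (and changes nothing) on
 * overflow or allocation failure. Capacity doubles, but the doubling
 * itself is guarded so it cannot wrap below the checked requirement. */
int text_buf_append(text_buf *b, const char *s, size_t add_len) {
    size_t needed;
    if (!checked_needed_size(b->len, add_len, &needed)) return 0;
    if (needed > b->cap) {
        size_t new_cap = (b->cap > SIZE_MAX / 2) ? needed : b->cap * 2;
        if (new_cap < needed) new_cap = needed;
        char *p = realloc(b->data, new_cap);
        if (!p) return 0;
        b->data = p;
        b->cap = new_cap;
    }
    memcpy(b->data + b->len, s, add_len);
    b->len += add_len;
    b->data[b->len] = '\0';
    return 1;
}
```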
Affected Systems
- libxslt on SUSE Linux Enterprise Desktop 12 SP1: < 1.1.28-16.1
- libxslt on SUSE Linux Enterprise Desktop 12 SP2: < 1.1.28-16.1
- libxslt on SUSE Linux Enterprise Server 12 SP1: < 1.1.28-16.1
- libxslt on SUSE Linux Enterprise Server 12 SP2: < 1.1.28-16.1
- libxslt on SUSE Linux Enterprise Server for Raspberry Pi 12 SP2: < 1.1.28-16.1
- libxslt on SUSE Linux Enterprise Server for SAP Applications 12 SP1: < 1.1.28-16.1
- libxslt on SUSE Linux Enterprise Server for SAP Applications 12 SP2: < 1.1.28-16.1
- libxslt on SUSE Linux Enterprise Software Development Kit 12 SP1: < 1.1.28-16.1
- libxslt on SUSE Linux Enterprise Software Development Kit 12 SP2: < 1.1.28-16.1
References (9)
- https://www.suse.com/support/update/announcement/2017/suse-su-20171313-1/
- https://bugzilla.suse.com/1005591
- https://bugzilla.suse.com/1035905
- https://bugzilla.suse.com/934119
- https://bugzilla.suse.com/952474
- https://www.suse.com/security/cve/CVE-2015-7995
- https://www.suse.com/security/cve/CVE-2015-9019
- https://www.suse.com/security/cve/CVE-2016-4738
- https://www.suse.com/security/cve/CVE-2017-5029