Paul Szabo
2011-Apr-07 21:14 UTC
[Secure-testing-team] Bug#621691: libxslt1.1: XML Security Library "xslt.c" Arbitrary File Access
Package: libxslt1.1
Version: 1.1.24-2
Severity: grave
Tags: security
Justification: user security hole

Please note messages:
http://www.sans.org/newsletters/risk/display.php?v=10&i=14#11.15.18
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html

Seems to me that Debian is affected. (I do not use XML so did not verify.)

Thanks,
Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia

-- System Information:
Debian Release: 5.0.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-pk04.09-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libxslt1.1 depends on:
ii  libc6        2.7-18lenny7          GNU C Library: Shared libraries
ii  libgcrypt11  1.4.1-1               LGPL Crypto library - runtime libr
ii  libxml2      2.6.32.dfsg-5+lenny3  GNOME XML library

libxslt1.1 recommends no packages.

libxslt1.1 suggests no packages.

-- no debconf information