UbuntuUpdates.org

Package "libxslt1-dev"

Name: libxslt1-dev

Description:

XSLT 1.0 processing library - development kit
Latest version: 1.1.34-4ubuntu0.22.04.4
Release: jammy (22.04)
Level: updates
Repository: main
Head package: libxslt
Homepage: http://xmlsoft.org/xslt/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libxslt1-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libxslt1-dev" in Jammy

Repository Area Version
base main 1.1.34-4build2
security main 1.1.34-4ubuntu0.22.04.4

Changelog

Version: 1.1.34-4ubuntu0.22.04.4 2025-06-26 22:07:09 UTC

  libxslt (1.1.34-4ubuntu0.22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: ASLR bypass due to exposure of sensitive information
    - debian/patches/0002-Make-generate-id-deterministic.patch: removed, as
    this was an old and incomplete implementation of the fix.
    - debian/patches/CVE-2023-40403-1.patch: implement infrastructure to
    store extra data in source nodes.
    - debian/patches/CVE-2023-40403-2.patch: store key status of source
    nodes as bit flag.
    - debian/patches/CVE-2023-40403-3.patch: store RVT ownership in
    'compression' member.
    - debian/patches/CVE-2023-40403-4.patch: remove the use of
    &base_address when generating ids in libxslt/functions.c.
    - debian/patches/CVE-2023-40403-5.patch: clean up attributes in
    source doc.
    - CVE-2023-40403

 -- Edwin Jiang <email address hidden> Fri, 20 Jun 2025 09:52:36 -0400
Source diff to previous version
CVE-2023-40403 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 1

Version: 1.1.34-4ubuntu0.22.04.3 2025-03-20 20:06:57 UTC

  libxslt (1.1.34-4ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free via nested XPath evaluations
    - debian/patches/CVE-2025-24855.patch: properly handle XPath context
      nodes and transformation context nodes in libxslt/numbers.c,
      libxslt/templates.c, libxslt/xsltutils.c.
    - CVE-2025-24855

 -- Marc Deslauriers <email address hidden> Wed, 19 Mar 2025 12:54:45 -0400
Source diff to previous version
CVE-2025-24855 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restore

Version: 1.1.34-4ubuntu0.22.04.2 2025-03-19 18:06:55 UTC

  libxslt (1.1.34-4ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free via exclusion of result prefixes
    - debian/patches/CVE-2024-55549.patch: store string in stylesheet's
      dict to avoid use after free in libxslt/xslt.c.
    - CVE-2024-55549

 -- Marc Deslauriers <email address hidden> Tue, 18 Mar 2025 10:41:52 -0400
Source diff to previous version
CVE-2024-55549 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

Version: 1.1.34-4ubuntu0.22.04.1 2022-08-22 16:07:28 UTC

  libxslt (1.1.34-4ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-30560.patch: fix use after free
      in xsltApplyTemplates in libxslt/transform.c.
    - CVE-2021-30560

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 18 Aug 2022 08:44:36 -0300
CVE-2021-30560 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted H


About   -   Send Feedback to @ubuntu_updates