UbuntuUpdates.org

Package "libxslt1.1"

Name: libxslt1.1

Description:

XSLT 1.0 processing library - runtime library

Latest version: 1.1.28-2ubuntu0.2
Release: trusty (14.04)
Level: security
Repository: main
Head package: libxslt
Homepage: http://xmlsoft.org/xslt/

Links


Download "libxslt1.1"


Other versions of "libxslt1.1" in Trusty

Repository Area Version
base main 1.1.28-2build1
updates main 1.1.28-2ubuntu0.2

Changelog

Version: 1.1.28-2ubuntu0.2 2019-04-15 19:07:09 UTC

  libxslt (1.1.28-2ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 12 Apr 2019 14:10:20 -0300

Source diff to previous version
CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving

Version: 1.1.28-2ubuntu0.1 2017-04-28 00:06:39 UTC

  libxslt (1.1.28-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: type-confusion leading to denial of service
    - debian/patches/0009-CVE-2015-7955.patch: check that the parent
      node is an element before dereferencing its namespace
    - CVE-2015-7955
  * SECURITY UPDATE: out-of-bounds heap memory access
    - debian/patches/0010-CVE-2016-1683.patch: special case namespace
      nodes in xsltNumberFormatGetMultipleLevel
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - debian/patches/0011-CVE-2016-1684-1.patch,
      debian/patches/0012-CVE-2016-1684-2.patch: add lower and upper
      bounds for 'i' and 'a' format tokens
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - debian/patches/0013-CVE-2016-1841.patch: adjust xmlFree() call
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - debian/patches/0014-CVE-2016-4738.patch: check for empty
      decimal separator.
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - debian/patches/0015-CVE-2017-5029.patch: limit buffer size in
      xsltAddTextString to INT_MAX.
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - 0016-Fix-double-free-in-libexslt-hash-functions-d8862309f0.patch:
      remove duplicate free calls
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - 0017-Fix-error-handling-in-Saxon-extension-functions-ef7429bb4.patch:
      fix error handling in Saxon extension functions
  * SECURITY UPDATE: out-of-bounds heap memory access
    - 0018-Fix-dyn-map-with-namespace-nodes-93bb3147.patch: use
      correct type for namespace nodes in exsltDynMapFunction
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - 0019-Fix-saxon-line-number-with-namespace-nodes-8b90c9a6.patch:
      do not pass namespace "nodes" to xmlGetLineNo
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - 0020-Fix-buffer-overflow-in-exsltDateFormat-5d0c6565b.patch:
      make stack buffer larger
  * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
    - 0021-Fix-OOB-heap-read-in-xsltExtModuleRegisterDynamic-87c3d9ea.patch:
      correct stripping of unwanted characters

 -- Steve Beattie <email address hidden> Wed, 26 Apr 2017 16:34:05 -0700

CVE-2015-7955 RESERVED
CVE-2016-1683 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause
CVE-2016-1684 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows rem
CVE-2016-1841 libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbi
CVE-2016-4738 libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a
CVE-2017-5029 The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux



About   -   Send Feedback to @ubuntu_updates