Download
| Alert*
oval:org.secpod.oval:def:89003468
This update for libxslt fixes the following issues: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead and xsltCheckWrite would permit access upon receiving an error . oval:org.secpod.oval:def:54509 libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:116788 This C library allows to transform XML files into other XML files using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >= 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine oval:org.secpod.oval:def:1801392 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1801396 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1801398 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1801385 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:116753 This C library allows to transform XML files into other XML files using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >= 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine oval:org.secpod.oval:def:1601029 libxslt allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded oval:org.secpod.oval:def:1801485 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1601410 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. In xsltCopyText in transform.c ... oval:org.secpod.oval:def:67961 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:504691 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:1601384 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. In xsltCopyText in transform.c ... oval:org.secpod.oval:def:2105160 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1901854 libxslt1-dev through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:59259 The host is installed with Oracle Java SE through 8u221 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JavaFX (libxslt). Successful exploitation allows attackers to affect confidentiality, integrity and availability. oval:org.secpod.oval:def:704899 libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:2500095 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. oval:org.secpod.oval:def:1700444 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. In xsltCopyText in transform.c ... oval:org.secpod.oval:def:504297 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:1504269 [1.1.28-6.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.28-6] - Fix CVE-2019-18197 - Fix CVE-2019-11068 oval:org.secpod.oval:def:1504030 [1.1.32-5.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.32-5] - Fix CVE-2019-18197 - Fix CVE-2019-11068 oval:org.secpod.oval:def:59116 The host is installed with Oracle Java SE through 8u221 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JavaFX (libxslt). Successful exploitation allows attackers to affect confidentiality, integrity and availability. oval:org.secpod.oval:def:116772 This C library allows to transform XML files into other XML files using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >= 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine |