SUSE-SU-2017:1282-1 -- SLES libxslt
ID: oval:org.secpod.oval:def:89044603 | Date: (C)2021-06-30 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for libxslt fixes the following issues:
- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string.
- CVE-2015-9019: Properly initialize random generator.
- CVE-2015-7995: Vulnerability in function "xsltStylePreCompute" in preproc.c could cause a type confusion leading to DoS.
Platform: |
SUSE Linux Enterprise Server 11 SP4 |