[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2012:164 -- Mandriva libxslt

ID: oval:org.secpod.oval:def:302975Date: (C)2012-11-06   (M)2023-12-14
Class: PATCHFamily: unix




Multiple vulnerabilities has been discovered and corrected in libxslt: Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors . libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service via a crafted XSLT expression that is not properly identified during XPath navigation, related to the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c . libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h . Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms . The updated packages have been patched to correct these issues.

Platform:
Mandriva Linux 2011.0
Product:
libxslt
Reference:
MDVSA-2012:164
CVE-2011-1202
CVE-2012-2870
CVE-2012-2871
CVE-2012-2893
CVE    4
CVE-2011-1202
CVE-2012-2870
CVE-2012-2871
CVE-2012-2893
...
CPE    1
cpe:/o:mandriva:linux:2011.0

© SecPod Technologies