MDVSA-2012:164 -- Mandriva libxsltID: oval:org.secpod.oval:def:302975 | Date: (C)2012-11-06 (M)2023-12-14 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been discovered and corrected in libxslt: Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors . libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service via a crafted XSLT expression that is not properly identified during XPath navigation, related to the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c . libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h . Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2011.0 |