List:       oss-security
Subject:    Re: [oss-security] CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Servic
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-03-25 20:23:58
Message-ID: 5150B25E.2010402 () redhat ! com

On 03/25/2013 10:04 AM, Agostino Sarubbo wrote:
> From the secunia advisory: https://secunia.com/advisories/52805/
> 
> 1) An error within the "xsltDocumentFunction()" function
> (libxslt/functions.c) when parsing XSL templates can be exploited
> to cause a crash.
> 
> Commit code: 
> http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
> 
> 2) A NULL-pointer dereference error within the "xsltAddKey()" function
> (libxslt/keys.c) when parsing XSL keys can be exploited to cause a
> crash.
> 
> Commit code: 
> http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
> 
> Both issues are fixed in version 1.1.28

CVE MERGING these two issues since same reporter/vuln/version.

Please use CVE-2012-6139 for these two issues.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993