Security update for libxslt
This update for libxslt fixes the following issues:
Security issues fixed:
- CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).
- CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095).
- CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1140101
VUL-1: CVE-2019-13118: libxslt: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character
bnc#1140095
VUL-1: CVE-2019-13117: libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers
bnc#1154609
VUL-1: CVE-2019-18197: libxslt: lack of pointer reset may lead to memory write or disclosure of uninitialized data
