Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for libxslt

This update for libxslt fixes the following security issues:

- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check
for integer overflow during a size calculation, which allowed a remote attacker
to perform an out of bounds memory write via a crafted HTML page (bsc#1035905).

- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator
could cause a heap overread. This can be exploited to leak a couple of bytes after
the buffer that holds the pattern string (bsc#1005591).

- CVE-2015-9019: Properly initialize random generator (bsc#934119).

- CVE-2015-7995: Vulnerability in function xsltStylePreCompute" in preproc.c could cause a
type confusion leading to DoS. (bsc#952474)

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1005591
VUL-1: CVE-2016-4738: libxslt: Possible heap overread
bnc#934119
VUL-1: CVE-2015-9019: libxslt: math.random() in xslt uses unseeded randomness
bnc#1035905
VUL-1: CVE-2017-5029: libxslt: integer overflow during a size calculation (xsltAddTextString function in transform.c)
bnc#952474
VUL-1: CVE-2015-7995 libxslt: Type confusion DoS
CVE-2015-9019
CVE-2017-5029
CVE-2015-7995
CVE-2016-4738
Selected Binaries
openSUSE Build Service is sponsored by
Places