Security update for libxslt SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1439-1 Final 1 1 2016-05-30T08:27:30Z current 2016-05-30T08:27:30Z 2016-05-30T08:27:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxslt This update for libxslt fixes the following issues: - CVE-2015-7995: A type confusion in preprocessing attributes was fixed [boo#952474]. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html E-Mail link for openSUSE-SU-2016:1439-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 libxslt-1.1.28-7.3.1 libxslt-debugsource-1.1.28-7.3.1 libxslt-devel-1.1.28-7.3.1 libxslt-devel-32bit-1.1.28-7.3.1 libxslt-python-1.1.28-7.3.1 libxslt-python-debuginfo-1.1.28-7.3.1 libxslt-python-debugsource-1.1.28-7.3.1 libxslt-tools-1.1.28-7.3.1 libxslt-tools-debuginfo-1.1.28-7.3.1 libxslt1-1.1.28-7.3.1 libxslt1-32bit-1.1.28-7.3.1 libxslt1-debuginfo-1.1.28-7.3.1 libxslt1-debuginfo-32bit-1.1.28-7.3.1 libxslt-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt-debugsource-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt-devel-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt-devel-32bit-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt-python-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt-python-debuginfo-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt-python-debugsource-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt-tools-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt-tools-debuginfo-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt1-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt1-32bit-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt1-debuginfo-1.1.28-7.3.1 as a component of openSUSE 13.2 libxslt1-debuginfo-32bit-1.1.28-7.3.1 as a component of openSUSE 13.2 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. CVE-2015-7995 openSUSE 13.2:libxslt-1.1.28-7.3.1 openSUSE 13.2:libxslt-debugsource-1.1.28-7.3.1 openSUSE 13.2:libxslt-devel-1.1.28-7.3.1 openSUSE 13.2:libxslt-devel-32bit-1.1.28-7.3.1 openSUSE 13.2:libxslt-python-1.1.28-7.3.1 openSUSE 13.2:libxslt-python-debuginfo-1.1.28-7.3.1 openSUSE 13.2:libxslt-python-debugsource-1.1.28-7.3.1 openSUSE 13.2:libxslt-tools-1.1.28-7.3.1 openSUSE 13.2:libxslt-tools-debuginfo-1.1.28-7.3.1 openSUSE 13.2:libxslt1-1.1.28-7.3.1 openSUSE 13.2:libxslt1-32bit-1.1.28-7.3.1 openSUSE 13.2:libxslt1-debuginfo-1.1.28-7.3.1 openSUSE 13.2:libxslt1-debuginfo-32bit-1.1.28-7.3.1 low Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html https://www.suse.com/security/cve/CVE-2015-7995.html CVE-2015-7995 https://bugzilla.suse.com/952474 SUSE Bug 952474