Security update for libxslt SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1390-1 Final 1 1 2017-05-23T15:32:20Z current 2017-05-23T15:32:20Z 2017-05-23T15:32:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxslt This update for libxslt fixes the following security issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-05/msg00079.html E-Mail link for openSUSE-SU-2017:1390-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 libxslt-1.1.28-10.3.1 libxslt-devel-1.1.28-10.3.1 libxslt-devel-32bit-1.1.28-10.3.1 libxslt-python-1.1.28-10.3.1 libxslt-tools-1.1.28-10.3.1 libxslt1-1.1.28-10.3.1 libxslt1-32bit-1.1.28-10.3.1 libxslt-1.1.28-10.3.1 as a component of openSUSE Leap 42.2 libxslt-devel-1.1.28-10.3.1 as a component of openSUSE Leap 42.2 libxslt-devel-32bit-1.1.28-10.3.1 as a component of openSUSE Leap 42.2 libxslt-python-1.1.28-10.3.1 as a component of openSUSE Leap 42.2 libxslt-tools-1.1.28-10.3.1 as a component of openSUSE Leap 42.2 libxslt1-1.1.28-10.3.1 as a component of openSUSE Leap 42.2 libxslt1-32bit-1.1.28-10.3.1 as a component of openSUSE Leap 42.2 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. CVE-2015-7995 openSUSE Leap 42.2:libxslt-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-devel-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-devel-32bit-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-python-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-tools-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt1-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt1-32bit-1.1.28-10.3.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00079.html https://www.suse.com/security/cve/CVE-2015-7995.html CVE-2015-7995 https://bugzilla.suse.com/1123130 SUSE Bug 1123130 https://bugzilla.suse.com/952474 SUSE Bug 952474 In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. CVE-2015-9019 openSUSE Leap 42.2:libxslt-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-devel-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-devel-32bit-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-python-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-tools-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt1-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt1-32bit-1.1.28-10.3.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00079.html https://www.suse.com/security/cve/CVE-2015-9019.html CVE-2015-9019 https://bugzilla.suse.com/1123130 SUSE Bug 1123130 https://bugzilla.suse.com/934119 SUSE Bug 934119 libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-4738 openSUSE Leap 42.2:libxslt-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-devel-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-devel-32bit-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-python-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-tools-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt1-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt1-32bit-1.1.28-10.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00079.html https://www.suse.com/security/cve/CVE-2016-4738.html CVE-2016-4738 https://bugzilla.suse.com/1005591 SUSE Bug 1005591 https://bugzilla.suse.com/1123130 SUSE Bug 1123130 The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2017-5029 openSUSE Leap 42.2:libxslt-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-devel-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-devel-32bit-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-python-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt-tools-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt1-1.1.28-10.3.1 openSUSE Leap 42.2:libxslt1-32bit-1.1.28-10.3.1 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00079.html https://www.suse.com/security/cve/CVE-2017-5029.html CVE-2017-5029 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 https://bugzilla.suse.com/1035905 SUSE Bug 1035905 https://bugzilla.suse.com/1123130 SUSE Bug 1123130