Bug 2349766 (CVE-2023-40403)

Summary: CVE-2023-40403 libxslt: Processing web content may disclose sensitive information
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: caswilli, kaycoth
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2349962, 2349964, 2349965, 2349963, 2349966, 2349967, 2349968, 2349969, 2349970, 2349971    
Bug Blocks:    

Description OSIDB Bzimport 2025-03-04 12:02:14 UTC 
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.
Comment 2 errata-xmlrpc 2025-06-09 13:57:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:8676 https://access.redhat.com/errata/RHSA-2025:8676
Comment 4 errata-xmlrpc 2025-06-12 13:04:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:9016 https://access.redhat.com/errata/RHSA-2025:9016