Bug 446809 (CVE-2008-1767)
| Field | Value |
|---|---|
| Summary | CVE-2008-1767 libxslt: fixed-sized steps array overflow via "template match" condition in XSL file |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Tomas Hoger <thoger> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| CC | kreilly, veillard |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Last Closed | 2008-05-21 08:00:25 UTC |
| Bug Depends On | 446886, 446887, 446888, 446890, 446891, 446892, 833935 |

Description
Tomas Hoger
2008-05-16 08:44:32 UTC
This issue was reported to us by Anthony de Almeida Lopes.

Created attachment 305661
Local copy of the upstream patch

Clarification of the initial comment #0: this issue is caused by the flaw in the handling of the "template match" condition and it occurs during the parsing / compilation of the crafted XSL style-sheet file. This can only be exploited via a malicious XSL file and does not depend on the content of the processed XML file.

This issue affected versions of libxslt as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5.

Created attachment 305960
Patch for libxslt 1.1.11
Daniel Veillard's backport of the patch to libxslt 1.1.11.

Created attachment 305961
Patch for libxslt 1.0.15
Daniel Veillard's backport of the patch to libxslt 1.0.15.

Lifting embargo.

This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0287.html

Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-4130
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3973
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-3889