Bug 684386 (CVE-2011-1202)

Summary: CVE-2011-1202 libxslt: Heap address leak in XSLT
Product: [Other] Security Response
Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: bressers, veillard
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=low,public=20110222,reported=20110309,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,rhel-4/libxslt=wontfix,rhel-5/libxslt=affected,rhel-6/libxslt=affected,rhel-6/mingw32-libxslt=wontfix,fedora-all/libxslt=affected
Doc Type: Bug Fix
Last Closed: 2012-10-07 12:37:25 EDT
Bug Depends On: 684388, 852942, 852943, 852945, 852946    
Bug Blocks: 852939    

Description Huzaifa S. Sidhpurwala 2011-03-12 01:14:23 EST
Chris Evans discovered a heap address leak in XSLT.
The bug is in the generate-id() XPath function, which is
sometimes used in XSL transforms.
This is a low severity information leak that does not
corrupt anything. However, it can be paired with other
bugs and can perhaps be used as an exploit aid against
ASLR.

References:
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f

This has been assigned CVE-2011-1202.

Comment 1 Huzaifa S. Sidhpurwala 2011-03-12 01:32:00 EST
Created libxslt tracking bugs for this issue

Affects: fedora-all [bug 684388]

Comment 2 Huzaifa S. Sidhpurwala 2011-03-12 01:33:45 EST
Statement:

This issue affects the versions of the libxslt package as shipped with Red Hat
Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this
issue as having low security impact; a future update may address this flaw.

Comment 3 errata-xmlrpc 2011-04-28 23:21:32 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4

Via RHSA-2011:0471 https://rhn.redhat.com/errata/RHSA-2011-0471.html

Comment 5 errata-xmlrpc 2012-09-13 13:43:53 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html

Comment 6 errata-xmlrpc 2012-09-13 13:48:35 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html

Comment 7 Fedora Update System 2012-09-26 05:11:04 EDT
libxslt-1.1.26-10.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2012-09-27 00:25:51 EDT
libxslt-1.1.26-9.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2012-12-09 01:30:39 EST
libxslt-1.1.27-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.