Bug 684386 (CVE-2011-1202)

Summary: CVE-2011-1202 libxslt: Heap address leak in XSLT
Product: [Other] Security Response
Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: bressers, veillard
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2012-10-07 16:37:25 UTC
Bug Depends On: 684388, 852942, 852943, 852945, 852946
Bug Blocks: 852939

Description Huzaifa S. Sidhpurwala 2011-03-12 06:14:23 UTC
Chris Evans discovered a heap address leak in XSLT.
The bug is in the generate-id() XPath function, which is
sometimes used in XSL transforms.
This is a low-severity information leak that does not
corrupt anything. However, it can be paired with other
bugs and can perhaps be used as an exploit aid against
ASLR.

References:
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f

This has been assigned CVE-2011-1202.

Comment 1 Huzaifa S. Sidhpurwala 2011-03-12 06:32:00 UTC
Created libxslt tracking bugs for this issue

Affects: fedora-all [bug 684388]

Comment 2 Huzaifa S. Sidhpurwala 2011-03-12 06:33:45 UTC
Statement:

This issue affects the versions of the libxslt package as shipped with Red Hat
Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this
issue as having low security impact; a future update may address this flaw.

Comment 3 errata-xmlrpc 2011-04-29 03:21:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4

Via RHSA-2011:0471 https://rhn.redhat.com/errata/RHSA-2011-0471.html

Comment 5 errata-xmlrpc 2012-09-13 17:43:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html

Comment 6 errata-xmlrpc 2012-09-13 17:48:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html

Comment 7 Fedora Update System 2012-09-26 09:11:04 UTC
libxslt-1.1.26-10.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2012-09-27 04:25:51 UTC
libxslt-1.1.26-9.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2012-12-09 06:30:39 UTC
libxslt-1.1.27-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.