Red Hat Bugzilla – Bug 1027360
CVE-2013-4520 libxslt: DoS when reading unexpected DTD nodes in XSLT in versions prior to 1.1.25
Last modified: 2013-11-06 11:13:00 EST
It was reported that the fix for CVE-2012-2825 was incomplete for versions of libxslt prior to 1.1.25. The same flaw is still present in those older versions of libxslt without this additional fix:
This never affected the versions of libxslt as provided with Red Hat Enterprise Linux 6 or Fedora. It was also corrected in Red Hat Enterprise Linux 5's libxslt as fixed with CVE-2012-2825 (RHSA-2012:1265), as the patch was included in our packages, as noted in the changelog.
- CVE-2012-2825 requires an extra patch on 1.1.17
Not vulnerable. This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2012:1265. It did not affect Red Hat Enterprise Linux 6.