oCERT reported a libxslt vulnerability discovered by Chris Evans of the Google
The libexslt library bundled with libxslt is affected by a heap-based buffer
overflow which can lead to arbitrary code execution.
The vulnerability is present in the rc4 encryption/decryption functions. An
arbitrary length string, passed as an argument in the XSL input, is incorrectly
copied over a padding variable which is previously allocated with a fixed size
of 128bit (RC4_KEY_LENGTH).
Affected version: libxslt >= 1.1.8, <= 1.1.24
Red Hat would like to thank Chris Evans and oCERT for reporting this vulnerability.
Created attachment 312112 [details]
This is now public:
libxslt-1.1.24-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
libxslt-1.1.24-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: