oCERT reported a libxslt vulnerability discovered by Chris Evans of the Google Security Team:

The libexslt library bundled with libxslt is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is present in the rc4 encryption/decryption functions. An arbitrary length string, passed as an argument in the XSL input, is incorrectly copied over a padding variable which is previously allocated with a fixed size of 128bit (RC4_KEY_LENGTH).

Affected version: libxslt >= 1.1.8, <= 1.1.24

Acknowledgements: Red Hat would like to thank Chris Evans and oCERT for reporting this vulnerability.
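The copy described above, as an added C sketch that is not libexslt's code or the attached upstream patch: a fixed-size padding buffer filled without a length check, next to a version that rejects oversized keys. The function names and the 16-byte value given to RC4_KEY_LENGTH are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: 128 bits as bytes; the library's definition is not on the page. */
#define RC4_KEY_LENGTH 16

/* Flawed pattern: caller-controlled key_len bytes go into a fixed-size heap
 * buffer, so any key_len > RC4_KEY_LENGTH writes past the allocation. */
unsigned char *pad_key_unchecked(const unsigned char *key, size_t key_len)
{
    unsigned char *padkey = calloc(1, RC4_KEY_LENGTH);
    if (padkey == NULL)
        return NULL;
    memcpy(padkey, key, key_len);   /* no bound on key_len */
    return padkey;
}

/* Hardened form: validate the length before allocating or copying.
 * Returns a zero-padded RC4_KEY_LENGTH-byte buffer, or NULL on error. */
unsigned char *pad_key_checked(const unsigned char *key, size_t key_len)
{
    unsigned char *padkey;

    if (key == NULL || key_len == 0 || key_len > RC4_KEY_LENGTH)
        return NULL;                /* refuse keys that cannot fit */
    padkey = calloc(1, RC4_KEY_LENGTH);
    if (padkey == NULL)
        return NULL;
    memcpy(padkey, key, key_len);   /* key_len <= RC4_KEY_LENGTH here */
    return padkey;
}

int main(void)
{
    unsigned char long_key[64];     /* constructed oversized input */
    unsigned char *ok, *rejected;

    memset(long_key, 'A', sizeof long_key);
    ok = pad_key_checked((const unsigned char *)"secret", 6);
    rejected = pad_key_checked(long_key, sizeof long_key);
    printf("6-byte key: %s, 64-byte key: %s\n",
           ok ? "padded" : "rejected", rejected ? "padded" : "rejected");
    free(ok);
    free(rejected);
    return 0;
}
```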
Created attachment 312112: Upstream patch
This is now public: http://www.ocert.org/advisories/ocert-2008-009.html
libxslt-1.1.24-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
libxslt-1.1.24-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0649.html

Fedora:
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7029
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7062