A heap-buffer overflow flaw was found in libxslt, a C library which allows transforming XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. It was found that when applying templates to nodes selected by "namespace::*", an out-of-bounds read is performed. Later, this value is used during unlinking of nodes, leading to a WRITE error in xmlUnlinkNode().
Reference: https://code.google.com/p/chromium/issues/detail?id=138673
Upstream patch: http://git.gnome.org/browse/libxslt/commit/?id=937ba2a3eb42d288f53c8adc211bd1122869f0bf
Public via: http://googlechromereleases.blogspot.in/2012/08/stable-channel-update_30.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5
Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html
Created libxslt tracking bugs for this issue
Affects: fedora-all [bug 835983]
libxslt-1.1.26-10.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
libxslt-1.1.26-9.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
libxslt-1.1.27-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.