Chris Evans discovered a heap address leak in XSLT The bug is in the generate-id() XPath function, and is sometimes used in XSL transforms. This is a low severity information leak, that does not corrupt anything, However it can be paired with other bugs and can be perhaps used as an exploit aid against ASLR. References: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f This has been assigned CVE-2011-1202.
Created libxslt tracking bugs for this issue Affects: fedora-all [bug 684388]
Statement: This issue affects the versions of libxslt package as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 4 Via RHSA-2011:0471 https://rhn.redhat.com/errata/RHSA-2011-0471.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html
libxslt-1.1.26-10.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
libxslt-1.1.26-9.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
libxslt-1.1.27-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.