Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2893 to the following vulnerability:

Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.

References:
[1] http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556
[2] http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
[3] https://chromiumcodereview.appspot.com/10919019
[4] https://code.google.com/p/chromium/issues/detail?id=144799
[5] https://src.chromium.org/viewvc/chrome?view=rev&revision=154331
This issue does NOT affect the versions of the libxslt package as shipped with Red Hat Enterprise Linux 5 and 6 (they were already updated to correct this).

This issue does NOT affect the versions of the libxslt package as shipped with Fedora releases 16 and 17 (they were already updated to correct this).
Upstream patch: [6] http://git.gnome.org/browse/libxslt/commit/?id=54977ed7966847e305a2008cb18892df26eeb065
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:1265 http://rhn.redhat.com/errata/RHSA-2012-1265.html
This issue has been addressed in Fedora via the following security advisories:

  Fedora-16: https://admin.fedoraproject.org/updates/FEDORA-2012-14048
  Fedora-17: https://admin.fedoraproject.org/updates/FEDORA-2012-14083
  Fedora-18: https://admin.fedoraproject.org/updates/FEDORA-2012-13871