Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.
88e0818e053952a3bd2eb65f69993d1a072ba9bb5eaaa9ed5388a10cd7518e9eGentoo Linux Security Advisory 201401-7 - Multiple Denial of Service vulnerabilities have been found in libxslt. Versions less than 1.1.28 are affected.
f23dd72c3b893d110a45c420e9dac3a0ca04e3ad16ed8dc28007045c29b7bbf2Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.
1829e75185a589dc360c1424fc0d1fcbf1d9598859d451423d0cc59a18b7b1c9Apple Security Advisory 2013-09-18-2 - iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities.
28033ee75b46e43dd395d653bcaeafcb70f1b640306db4446062bdbfd7ff9c7fMandriva Linux Security Advisory 2013-047 - The XSL implementation in libxslt allows remote attackers to cause a denial of service via unspecified vectors. libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service via a crafted XSLT expression that is not properly identified during XPath navigation, related to the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c. libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. The updated packages have been patched to correct these issues.
98161c0b908ae321ff7e41c26e4bb80ca14d2a7fa8b6e59bc0997cca1201e034Mandriva Linux Security Advisory 2012-164 - Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors. libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service via a crafted XSLT expression that is not properly identified during XPath navigation, related to the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c. libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. The updated packages have been patched to correct these issues.
9dc7d2ddc7d23c750e1d5fa6aec98c0a30701c70c16fd72c278d4e45c943ff4cDebian Linux Security Advisory 2555-1 - Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed.
c959d5eab09fe98d37976ab22e1513cafb038267dffd27b4d6a167bf65b379b7Ubuntu Security Notice 1595-1 - Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. Various other issues were also addressed.
5dada35384ea916fefdd03285e96612d7c197f764028a0915522b0f15010b138Red Hat Security Advisory 2012-1265-01 - libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
9920cb411b2c3aa2362ffe225a52581712a70d0901996f2acabf529dcdc400d4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed