CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
88.1%
CentOS Errata and Security Advisory CESA-2008:0287-01
libxslt is a C library, based on libxml, for parsing of XML files into
other textual formats (eg HTML, plain text and other XML representations of
the underlying data) It uses the standard XSLT stylesheet transformation
mechanism and, being written in plain ANSI C, is designed to be simple to
incorporate into other applications
Anthony de Almeida Lopes reported the libxslt library did not properly
process long βtransformation matchβ conditions in the XSL stylesheet files.
An attacker could create a malicious XSL file that would cause a crash, or,
possibly, execute and arbitrary code with the privileges of the application
using libxslt library to perform XSL transformations. (CVE-2008-1767)
All users are advised to upgrade to these updated packages, which contain a
backported patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-May/077088.html
Affected packages:
libxslt
libxslt-devel
libxslt-python
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | libxslt | <Β 1.0.15-3 | libxslt-1.0.15-3.i386.rpm |
CentOS | 2 | i386 | libxslt-devel | <Β 1.0.15-3 | libxslt-devel-1.0.15-3.i386.rpm |
CentOS | 2 | i386 | libxslt-python | <Β 1.0.15-3 | libxslt-python-1.0.15-3.i386.rpm |