Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0287-01
HistoryMay 22, 2008 - 6:09 a.m.

libxslt security update

2008-05-2206:09:03
CentOS Project
lists.centos.org
47

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.018

Percentile

88.1%

JSON

CentOS Errata and Security Advisory CESA-2008:0287-01

libxslt is a C library, based on libxml, for parsing of XML files into
other textual formats (eg HTML, plain text and other XML representations of
the underlying data) It uses the standard XSLT stylesheet transformation
mechanism and, being written in plain ANSI C, is designed to be simple to
incorporate into other applications

Anthony de Almeida Lopes reported the libxslt library did not properly
process long β€œtransformation match” conditions in the XSL stylesheet files.
An attacker could create a malicious XSL file that would cause a crash, or,
possibly, execute and arbitrary code with the privileges of the application
using libxslt library to perform XSL transformations. (CVE-2008-1767)

All users are advised to upgrade to these updated packages, which contain a
backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-May/077088.html

Affected packages:
libxslt
libxslt-devel
libxslt-python

Related

securityvulns 2
cvelist 1
gentoo 1
openvas 24
nessus 16
seebug 1
nvd 1
slackware 1
debian 1
debiancve 1
oraclelinux 1
prion 1
cve 1
ubuntucve 1
centos 1
redhat 1
ubuntu 1
securityvulns
securityvulns
libxslt memory corruption
2008-06-04 00:00:00
[ GLSA 200806-02 ] libxslt: Execution of arbitrary code
2008-06-04 00:00:00
cvelist
cvelist
CVE-2008-1767
2008-05-23 14:00:00
gentoo
gentoo
libxslt: Execution of arbitrary code
2008-06-03 00:00:00
openvas
openvas
RedHat Update for libxslt RHSA-2008:0287-01
2009-03-06 00:00:00
Slackware Advisory SSA:2008-210-03 libxslt
2012-09-11 00:00:00
CentOS Update for libxslt CESA-2008:0287 centos3 x86_64
2009-02-27 00:00:00
nessus
nessus
SuSE 10 Security Update : libxslt (ZYPP Patch Number 5343)
2008-06-16 00:00:00
Slackware 12.0 / 12.1 / current : libxslt (SSA:2008-210-03)
2008-07-29 00:00:00
CentOS 3 / 4 / 5 : libxslt (CESA-2008:0287)
2008-05-22 00:00:00
seebug
seebug
libxslt XSLζ–‡δ»Άε€„η†ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2008-05-29 00:00:00
nvd
nvd
CVE-2008-1767
2008-05-23 15:32:00
slackware
slackware
[slackware-security] libxslt
2008-07-29 05:32:12
debian
debian
[SECURITY] [DSA 1589-1] New libxslt packages fix execution of arbitrary code
2008-05-28 14:14:39
debiancve
debiancve
CVE-2008-1767
2008-05-23 15:32:00
oraclelinux
oraclelinux
libxslt security update
2008-05-21 00:00:00
prion
prion
Buffer overflow
2008-05-23 15:32:00
cve
cve
CVE-2008-1767
2008-05-23 15:32:00
ubuntucve
ubuntucve
CVE-2008-1767
2008-05-23 00:00:00
centos
centos
libxslt security update
2008-05-21 13:50:56
redhat
redhat
(RHSA-2008:0287) Important: libxslt security update
2008-05-21 00:00:00
ubuntu
ubuntu
libxslt vulnerabilities
2008-08-01 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.018

Percentile

88.1%

JSON
Related for CESA-2008:0287-01
securityvulns2cvelist1gentoo1openvas24nessus16seebug1nvd1slackware1debian1debiancve1oraclelinux1prion1cve1ubuntucve1centos1redhat1ubuntu1