libxslt is a library for transforming XML files into other XML files using
the standard XSLT stylesheet transformation mechanism.

A heap buffer overflow flaw was discovered in the RC4 libxslt library
extension. An attacker could create a malicious XSL file that would cause a
crash, or, possibly, execute arbitrary code with the privileges of the
application using the libxslt library to perform XSL transformations on
untrusted XSL style sheets. (CVE-2008-2935)

Red Hat would like to thank Chris Evans for reporting this vulnerability.

All libxslt users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | s390x | libxslt-python | < 1.1.11-1.el4_7.2 | libxslt-python-1.1.11-1.el4_7.2.s390x.rpm |
RedHat | 4 | s390x | libxslt-devel | < 1.1.11-1.el4_7.2 | libxslt-devel-1.1.11-1.el4_7.2.s390x.rpm |
RedHat | 4 | src | libxslt | < 1.1.11-1.el4_7.2 | libxslt-1.1.11-1.el4_7.2.src.rpm |
RedHat | 4 | s390 | libxslt-python | < 1.1.11-1.el4_7.2 | libxslt-python-1.1.11-1.el4_7.2.s390.rpm |
RedHat | 5 | ia64 | libxslt-devel | < 1.1.17-2.el5_2.2 | libxslt-devel-1.1.17-2.el5_2.2.ia64.rpm |
RedHat | 5 | s390 | libxslt | < 1.1.17-2.el5_2.2 | libxslt-1.1.17-2.el5_2.2.s390.rpm |
RedHat | 4 | i386 | libxslt | < 1.1.11-1.el4_7.2 | libxslt-1.1.11-1.el4_7.2.i386.rpm |
RedHat | 5 | s390x | libxslt | < 1.1.17-2.el5_2.2 | libxslt-1.1.17-2.el5_2.2.s390x.rpm |
RedHat | 5 | x86_64 | libxslt | < 1.1.17-2.el5_2.2 | libxslt-1.1.17-2.el5_2.2.x86_64.rpm |
RedHat | 5 | i386 | libxslt-devel | < 1.1.17-2.el5_2.2 | libxslt-devel-1.1.17-2.el5_2.2.i386.rpm |