oss-sec mailing list archives
CVE Request: additional fix for CVE-2012-2825 libxslt crash
From: Marcus Meissner <meissner () suse de>
Date: Tue, 5 Nov 2013 13:50:09 +0100
Hi, Our QA found that the reproducer in CVE-2012-2825 (magic.xsl and magic.xml) also expose another libxslt crash in older libxslt versions. https://bugzilla.novell.com/show_bug.cgi?id=849019 This bug was fixed in libxslt 1.1.25 with this commit: https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa commit 7089a62b8f133b42a2981cf1f920a8b3fe9a8caa Author: Martin <gzlist () googlemail com> Date: Wed Sep 16 19:02:16 2009 +0200 Crash compiling stylesheet with DTD * libxslt/xslt.c: when a stylesheet embbeds a DTD the compilation process could get seriously wrong Crash as a xmlDtd struct is accessed as a xmlNode, not really attacker controllable I would say, but a denial of service (crash). Ciao, Marcus
Current thread:
- CVE Request: additional fix for CVE-2012-2825 libxslt crash Marcus Meissner (Nov 05)
- Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Vincent Danen (Nov 05)
- Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Florian Weimer (Nov 05)
- Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Marcus Meissner (Nov 05)
- Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Vincent Danen (Nov 05)
- Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Kurt Seifried (Nov 05)
- Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Florian Weimer (Nov 05)
- Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash Vincent Danen (Nov 05)