Debian Local Security Checks : Debian LTS: Security Advisory for libxslt (DLA-1860-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.891860

Categoría: Debian Local Security Checks

Título: Debian LTS: Security Advisory for libxslt (DLA-1860-1)

Resumen: The remote host is missing an update for the 'libxslt'; package(s) announced via the DLA-1860-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libxslt'
package(s) announced via the DLA-1860-1 advisory.

Vulnerability Insight:
Several vulnerabilities were found in libxslt the XSLT 1.0 processing
library.

CVE-2016-4610

Invalid memory access leading to DoS at exsltDynMapFunction. libxslt
allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.

CVE-2016-4609

Out-of-bounds read at xmlGetLineNoInternal()
libxslt allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.

CVE-2019-13117

An xsl:number with certain format strings could lead to an
uninitialized read in xsltNumberFormatInsertNumbers. This could
allow an attacker to discern whether a byte on the stack contains
the characters A, a, I, i, or 0, or any other character.

CVE-2019-13118

A type holding grouping characters of an xsl:number instruction was
too narrow and an invalid character/length combination could be
passed to xsltNumberFormatDecimal, leading to a read of
uninitialized stack data.

Affected Software/OS:
'libxslt' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
1.1.28-2+deb8u5.

We recommend that you upgrade your libxslt packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-4609
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
BugTraq ID: 91826
http://www.securityfocus.com/bid/91826
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
http://www.securitytracker.com/id/1036348
Common Vulnerability Exposure (CVE) ID: CVE-2016-4610

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.891860
Categoría:	Debian Local Security Checks
Título:	Debian LTS: Security Advisory for libxslt (DLA-1860-1)
Resumen:	The remote host is missing an update for the 'libxslt'; package(s) announced via the DLA-1860-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libxslt' package(s) announced via the DLA-1860-1 advisory. Vulnerability Insight: Several vulnerabilities were found in libxslt the XSLT 1.0 processing library. CVE-2016-4610 Invalid memory access leading to DoS at exsltDynMapFunction. libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2016-4609 Out-of-bounds read at xmlGetLineNoInternal() libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2019-13117 An xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. CVE-2019-13118 A type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Affected Software/OS: 'libxslt' package(s) on Debian Linux. Solution: For Debian 8 'Jessie', these problems have been fixed in version 1.1.28-2+deb8u5. We recommend that you upgrade your libxslt packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4609 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html BugTraq ID: 91826 http://www.securityfocus.com/bid/91826 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html http://www.securitytracker.com/id/1036348 Common Vulnerability Exposure (CVE) ID: CVE-2016-4610
Copyright	Copyright (C) 2019 Greenbone Networks GmbH