-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:151 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libxslt Date : July 21, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XLST transformation match condition, which could possibly lead to the execution of arbitrary code (CVE-2008-1767). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 269e6513a992d9e016db3908e06590f5 2007.1/i586/libxslt1-1.1.20-2.1mdv2007.1.i586.rpm 035cc26a3cfdfe3961ce07289e0f1625 2007.1/i586/libxslt1-devel-1.1.20-2.1mdv2007.1.i586.rpm acb69204b57de4cb539c7c1829f4b6e9 2007.1/i586/libxslt-proc-1.1.20-2.1mdv2007.1.i586.rpm d19e9c0ef2bfb8ae3e5ec910e26735d6 2007.1/i586/python-libxslt-1.1.20-2.1mdv2007.1.i586.rpm 4901c1bedaaa6367afe269874d3daa64 2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 8fcff8e0c639455c50315af9d420b020 2007.1/x86_64/lib64xslt1-1.1.20-2.1mdv2007.1.x86_64.rpm 5ddbaa4453c968da07fb497f75ede8d2 2007.1/x86_64/lib64xslt1-devel-1.1.20-2.1mdv2007.1.x86_64.rpm 3acf4044b3d8eccf21e94dd1cdb03f7c 2007.1/x86_64/libxslt-proc-1.1.20-2.1mdv2007.1.x86_64.rpm 46d41b25c0feb01ca0b16ef251b51236 2007.1/x86_64/python-libxslt-1.1.20-2.1mdv2007.1.x86_64.rpm 4901c1bedaaa6367afe269874d3daa64 2007.1/SRPMS/libxslt-1.1.20-2.1mdv2007.1.src.rpm Mandriva Linux 2008.0: b54f606226545944f6691bc5b4951af4 2008.0/i586/libxslt1-1.1.22-2.1mdv2008.0.i586.rpm ff696b5846ae5936b5602094922a3276 2008.0/i586/libxslt-devel-1.1.22-2.1mdv2008.0.i586.rpm 92328e34c084986c674e16184492365a 2008.0/i586/libxslt-proc-1.1.22-2.1mdv2008.0.i586.rpm b2fe8b69925a6d6c8671f9d2146de82d 2008.0/i586/python-libxslt-1.1.22-2.1mdv2008.0.i586.rpm c26a63ef401930cc523fe98b34ba3c9a 2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: d93a7df55dbf546d3bb03f84ccfd3e46 2008.0/x86_64/lib64xslt1-1.1.22-2.1mdv2008.0.x86_64.rpm 79098087f94766034cf27925ef0923b7 2008.0/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.0.x86_64.rpm 22e0c6c896efe7cff21f8242cd362e79 2008.0/x86_64/libxslt-proc-1.1.22-2.1mdv2008.0.x86_64.rpm 9ecb4e151c77575bff8b627b26fbf949 2008.0/x86_64/python-libxslt-1.1.22-2.1mdv2008.0.x86_64.rpm c26a63ef401930cc523fe98b34ba3c9a 2008.0/SRPMS/libxslt-1.1.22-2.1mdv2008.0.src.rpm Mandriva Linux 2008.1: 564225f1f8fc90de67dcf190bf367a54 2008.1/i586/libxslt1-1.1.22-2.1mdv2008.1.i586.rpm 4a245a02cca0f57b94d3b838d55cd646 2008.1/i586/libxslt-devel-1.1.22-2.1mdv2008.1.i586.rpm 408a00d6b663ff7cec94210551ffab5b 2008.1/i586/libxslt-proc-1.1.22-2.1mdv2008.1.i586.rpm ff3e1498caf4afdc098c7ed6aa93eaaa 2008.1/i586/python-libxslt-1.1.22-2.1mdv2008.1.i586.rpm f942f9a3ed7756b0909197478b1cbab0 2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 494326373eca400d832d2bd4a87cbf32 2008.1/x86_64/lib64xslt1-1.1.22-2.1mdv2008.1.x86_64.rpm dcdfaa95b392d09b809341a50e381a1d 2008.1/x86_64/lib64xslt-devel-1.1.22-2.1mdv2008.1.x86_64.rpm da14b3e445e1711cc20d9151b94dbf4a 2008.1/x86_64/libxslt-proc-1.1.22-2.1mdv2008.1.x86_64.rpm 5f553b350a9a96a784b754b8da3b1331 2008.1/x86_64/python-libxslt-1.1.22-2.1mdv2008.1.x86_64.rpm f942f9a3ed7756b0909197478b1cbab0 2008.1/SRPMS/libxslt-1.1.22-2.1mdv2008.1.src.rpm Corporate 3.0: 3bad56368c2013918528b5c91d36a540 corporate/3.0/i586/libxslt1-1.1.2-1.1.C30mdk.i586.rpm e8f0d690402867f35fe383f57f1309fb corporate/3.0/i586/libxslt1-devel-1.1.2-1.1.C30mdk.i586.rpm e31d2747065fbe3290bcdea0429f4b38 corporate/3.0/i586/libxslt-proc-1.1.2-1.1.C30mdk.i586.rpm 292bd60026d2fab7c121e8dd4ebe7489 corporate/3.0/i586/libxslt-python-1.1.2-1.1.C30mdk.i586.rpm 6f482d0addecb3334b2d48e5219c7e89 corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm Corporate 3.0/X86_64: 334e2ddcc66df63e59a5cf3bed7aa12e corporate/3.0/x86_64/lib64xslt1-1.1.2-1.1.C30mdk.x86_64.rpm 25185db8f68ee30df4382b83ba3e91da corporate/3.0/x86_64/lib64xslt1-devel-1.1.2-1.1.C30mdk.x86_64.rpm 99f9597a0e431d68db06d34175658512 corporate/3.0/x86_64/libxslt-proc-1.1.2-1.1.C30mdk.x86_64.rpm af53b90f2c6c10a9abe11ee3d655ffb9 corporate/3.0/x86_64/libxslt-python-1.1.2-1.1.C30mdk.x86_64.rpm 6f482d0addecb3334b2d48e5219c7e89 corporate/3.0/SRPMS/libxslt-1.1.2-1.1.C30mdk.src.rpm Corporate 4.0: 401a4225975ceee992bfcf8f7fe1c717 corporate/4.0/i586/libxslt1-1.1.15-1.1.20060mlcs4.i586.rpm 946ef45293b40f93f6651d6520a73f9a corporate/4.0/i586/libxslt1-devel-1.1.15-1.1.20060mlcs4.i586.rpm 4cf60d91fc60bbb1abf0da486e160ec2 corporate/4.0/i586/libxslt-proc-1.1.15-1.1.20060mlcs4.i586.rpm 9e39ec030460550aa65e620ea8527727 corporate/4.0/i586/libxslt-python-1.1.15-1.1.20060mlcs4.i586.rpm c33d0da326ad390a3614bae3219954e0 corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 8c3fc8b33f79304d8d855772bead0896 corporate/4.0/x86_64/lib64xslt1-1.1.15-1.1.20060mlcs4.x86_64.rpm b4f06dd5b4537ae670920dcd84ad1e4b corporate/4.0/x86_64/lib64xslt1-devel-1.1.15-1.1.20060mlcs4.x86_64.rpm 9241685719d35f788bc34bef26f6a471 corporate/4.0/x86_64/libxslt-proc-1.1.15-1.1.20060mlcs4.x86_64.rpm bf3ca6342f8327926df5f940ec399c4b corporate/4.0/x86_64/libxslt-python-1.1.15-1.1.20060mlcs4.x86_64.rpm c33d0da326ad390a3614bae3219954e0 corporate/4.0/SRPMS/libxslt-1.1.15-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIhQ36mqjQ0CJFipgRAi9eAJ9RVcKUd+Q+xukmpZAjhlGt8eJzawCbBfKO yRmmTSD6f3PkvymAlolIBB4= =UXWQ -----END PGP SIGNATURE-----
