[3.2] libxslt: Multiple Vulnerabilities (CVE-2015-7995, CVE-2016-1683, CVE-2016-1684)
CVE-2015-7995:
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a “type confusion” issue.
References:
http://www.openwall.com/lists/oss-security/2015/10/27/10
Patch:
https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
CVE-2016-1683:
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1683
Patch:
https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242
CVE-2016-1684:
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1684
Patch:
https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d
(from redmine: issue id 5755, created on 2016-06-19, closed on 2016-06-24)
- Relations:
- parent #5753 (closed)
- Changesets:
- Revision 548fc948 on 2016-06-24T06:51:48Z:
main/libxslt: security upgrade to 1.1.29 (CVE-2015-7995, CVE-2016-1683, CVE-2016-1684). Fixes #5755