USN-3271-1: Libxslt vulnerabilities<\/p>\n
27th April, 2017<\/em><\/p>\n A security issue affects these releases of Ubuntu and its Several security issues were fixed in Libxslt.\n<\/p>\n Holger Fuhrmannek discovered an integer overflow in the Nicolas Gregoire discovered that Libxslt mishandled namespace Sebastian Apelt discovered that a use-after-error existed in the It was discovered that a type confusion error existed in the Nicolas Gregoire discovered the Libxslt mishandled the 'i' and 'a' It was discovered that the xsltFormatNumberConversion() function The problem can be corrected by updating your system to the following To update your system, please follow these instructions: In general, a standard system update will make all the necessary changes.<\/p>\n CVE-2015-7995<\/a>, <\/p>\n CVE-2016-1683<\/a>, <\/p>\n CVE-2016-1684<\/a>, <\/p>\n CVE-2016-1841<\/a>, <\/p>\n CVE-2016-4738<\/a>, <\/p>\n CVE-2017-5029<\/a><\/p>\n Source: USN-3271-1: Libxslt vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" USN-3271-1: Libxslt vulnerabilities Ubuntu Security Notice USN-3271-1 27th April, 2017 libxslt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Libxslt. Software description libxslt – XSLT processing library Details Holger Fuhrmannek discovered an integer overflow in thexsltAddTextString() function in Libxslt. An attacker could usethis to craft a malicious document that, when opened, could cause adenial of service (application crash) or possible execute arbitrarycode. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespacenodes. An attacker could use this to craft a malicious document that,when opened, could cause a denial of service (application crash)or possibly execute arbtrary code. This issue only affected Ubuntu16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683) Sebastian Apelt discovered that a use-after-error existed in [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-15847","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/15847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=15847"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/15847\/revisions"}],"predecessor-version":[{"id":15848,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/15847\/revisions\/15848"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=15847"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=15847"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=15847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}libxslt vulnerabilities<\/h3>\n
\n derivatives:<\/p>\n\n
Summary<\/h3>\n
Software description<\/h3>\n
\n
\n – XSLT processing library<\/p>\n<\/li>\n<\/ul>\nDetails<\/h3>\n
xsltAddTextString() function in Libxslt. An attacker could use
this to craft a malicious document that, when opened, could cause a
denial of service (application crash) or possible execute arbitrary
code. (CVE-2017-5029<\/a>)<\/p>\n
nodes. An attacker could use this to craft a malicious document that,
when opened, could cause a denial of service (application crash)
or possibly execute arbtrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683<\/a>)<\/p>\n
xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker
could use this to craft a malicious document that, when opened,
could cause a denial of service (application crash) or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841<\/a>)<\/p>\n
xsltStylePreCompute() function in Libxslt. An attacker could use this
to craft a malicious XML file that, when opened, caused a denial of
service (application crash). This issue only affected Ubuntu 14.04
LTS and Ubuntu 12.04 LTS. (CVE-2015-7995<\/a>)<\/p>\n
format tokens for xsl:number data. An attacker could use this to
craft a malicious document that, when opened, could cause a denial of
service (application crash). This issue only affected Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684<\/a>)<\/p>\n
in Libxslt did not properly handle empty decimal separators. An
attacker could use this to craft a malicious document that, when
opened, could cause a denial of service (application crash). This
issue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS,
and Ubuntu 12.04 LTS. (CVE-2016-4738<\/a>)<\/p>\nUpdate instructions<\/h3>\n
\npackage version:<\/p>\n\n
\n
\n 1.1.29-2ubuntu0.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 1.1.29-1ubuntu0.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 1.1.28-2.1ubuntu0.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 1.1.28-2ubuntu0.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 1.1.26-8ubuntu1.4<\/a>
\n <\/span>\n <\/dd>\n<\/dl>\n
\nhttps:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.\n<\/p>\nReferences<\/h3>\n