openSUSE Security Update : libxslt (openSUSE-2017-609)
High Nessus Plugin ID 100367
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for libxslt fixes the following security issues :
- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905).
- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591).
- CVE-2015-9019: Properly initialize random generator (bsc#934119).
- CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474) This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected libxslt packages.