Debian DLA-1756-1 : libxslt security update
High Nessus Plugin ID 124065
Synopsis: The remote Debian host is missing a security update.
Description: It was discovered that there was an authentication bypass vulnerability in libxslt, a widely-used library for transforming files from XML to other arbitrary formats.
The xsltCheckRead and xsltCheckWrite routines permitted access upon receiving a -1 error code and (as xsltCheckRead returned -1 for a specially crafted URL that is not actually invalid) the attacker was subsequently authenticated.
For Debian 8 'Jessie', this issue has been fixed in libxslt version 1.1.28-2+deb8u4.
We recommend that you upgrade your libxslt packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution: Upgrade the affected packages.
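
The fail-open pattern in the description (a -1 error result from an access check treated as permission), shown next to a fail-closed caller. This is an added illustration, not libxslt's code: `check_read`, the `/srv/xsl/` policy and the rule that a space makes the path unparseable are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Tri-state result of a hypothetical access check (not libxslt's API). */
enum { CHECK_ERROR = -1, CHECK_DENIED = 0, CHECK_ALLOWED = 1 };

static const char ALLOWED_PREFIX[] = "/srv/xsl/"; /* constructed policy */

/* Toy policy check. Assumption for the demo: a path containing a space
 * cannot be parsed, so the check reports an error instead of a verdict. */
static int check_read(const char *path)
{
    if (path == NULL || strchr(path, ' ') != NULL)
        return CHECK_ERROR;
    if (strncmp(path, ALLOWED_PREFIX, sizeof ALLOWED_PREFIX - 1) == 0)
        return CHECK_ALLOWED;
    return CHECK_DENIED;
}

/* Flawed caller: only the explicit "denied" value stops the load,
 * so an error (-1) falls through and the resource is loaded. */
static int load_fail_open(const char *path)
{
    if (check_read(path) == CHECK_DENIED)
        return 0; /* blocked */
    return 1;     /* loaded */
}

/* Hardened caller: anything other than an explicit allow is refused. */
static int load_fail_closed(const char *path)
{
    if (check_read(path) <= 0)
        return 0; /* blocked on deny and on error */
    return 1;     /* loaded */
}

int main(void)
{
    /* Constructed sample inputs: allowed, denied, and check failure. */
    const char *samples[] = { "/srv/xsl/report.xsl", "/etc/hostname",
                              "/etc/host name" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s check=%2d fail_open=%d fail_closed=%d\n", samples[i],
               check_read(samples[i]), load_fail_open(samples[i]),
               load_fail_closed(samples[i]));
    return 0;
}
```

The two callers differ only on the third input, where the check fails: the first loads the resource and the second refuses it.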