Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164)
Medium Nessus Plugin ID 62504
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been discovered and corrected in libxslt :
Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors (CVE-2011-1202).
libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c (CVE-2012-2870).
libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h (CVE-2012-2871).
Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms (CVE-2012-2893).
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.