GLSA-201401-07 : libxslt: Denial of Service
Medium Nessus Plugin ID 71907
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201401-07 (libxslt: Denial of Service)
Multiple vulnerabilities have been found in libxslt:
Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139).
A double-free error exists in templates.c (CVE-2012-2893).
A NULL pointer dereference exists in keys.c (CVE-2012-6139).
An error in handling stylesheets containing DTDs (CVE-2013-4520).
A remote attacker could entice a user to process a specially crafted file in an application linked against libxslt, possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
Solution
All libxslt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/libxslt-1.1.28'
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.