Opened 2 years ago

Closed 2 years ago

#12209 closed enhancement (fixed)

Fix CVE-2019-11068 in libxslt (Security Framework Bypass)

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Bruce Dubbs)

I noticed a Debian Security Update for this on one of my debian machines, and thought it was worth a look into. After finding it, I came across this:

https://nvd.nist.gov/vuln/detail/CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because 
callers of xsltCheckRead and xsltCheckWrite permit access even upon 
receiving a -1 error code. xsltCheckRead can return -1 for a crafted 
URL that is not actually invalid and is subsequently loaded.

We need to apply the following commit:

https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6

Although the rest of the commits in the libxslt repo from the release of libxslt-1.1.33 onwards seem to be security related, so we might just want to create a consolidated patch. Mostly integer overflows it looks like.

Change History (4)

comment:1 by Bruce Dubbs, 2 years ago

Milestone: 8.59.0

Milestone renamed

comment:2 by Bruce Dubbs, 2 years ago

Description: modified (diff)

comment:3 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:4 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21807

Note: See TracTickets for help on using tickets.