Fix CVE-2019-11068 in libxslt (Security Framework Bypass)
|Reported by:||Douglas R. Reno||Owned by:||Douglas R. Reno|
Description (last modified by )
I noticed a Debian Security Update for this on one of my debian machines, and thought it was worth a look into. After finding it, I came across this:
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
We need to apply the following commit:
Although the rest of the commits in the libxslt repo from the release of libxslt-1.1.33 onwards seem to be security related, so we might just want to create a consolidated patch. Mostly integer overflows it looks like.