Opened 5 years ago
Closed 5 years ago
#12209 closed enhancement (fixed)
Fix CVE-2019-11068 in libxslt (Security Framework Bypass)
Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | high | Milestone: | 9.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
I noticed a Debian Security Update for this on one of my debian machines, and thought it was worth a look into. After finding it, I came across this:
https://nvd.nist.gov/vuln/detail/CVE-2019-11068
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
We need to apply the following commit:
https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
Although the rest of the commits in the libxslt repo from the release of libxslt-1.1.33 onwards seem to be security related, so we might just want to create a consolidated patch. Mostly integer overflows it looks like.
Change History (4)
comment:1 by , 5 years ago
Milestone: | 8.5 → 9.0 |
---|
comment:2 by , 5 years ago
Description: | modified (diff) |
---|
comment:3 by , 5 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
Milestone renamed