Opened 4 years ago

Closed 4 years ago

#12209 closed enhancement (fixed)

Fix CVE-2019-11068 in libxslt (Security Framework Bypass)

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:

Description (last modified by Bruce Dubbs)

I noticed a Debian Security Update for this on one of my debian machines, and thought it was worth a look into. After finding it, I came across this:

libxslt through 1.1.33 allows bypass of a protection mechanism because 
callers of xsltCheckRead and xsltCheckWrite permit access even upon 
receiving a -1 error code. xsltCheckRead can return -1 for a crafted 
URL that is not actually invalid and is subsequently loaded.

We need to apply the following commit:

Although the rest of the commits in the libxslt repo from the release of libxslt-1.1.33 onwards seem to be security related, so we might just want to create a consolidated patch. Mostly integer overflows it looks like.

Change History (4)

comment:1 by Bruce Dubbs, 4 years ago

Milestone: 8.59.0

Milestone renamed

comment:2 by Bruce Dubbs, 4 years ago

Description: modified (diff)

comment:3 by Douglas R. Reno, 4 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:4 by Douglas R. Reno, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21807

Note: See TracTickets for help on using tickets.