Opened 5 years ago
Last modified 5 years ago
#12209 closed enhancement
Fix CVE-2019-11068 in libxslt (Security Framework Bypass) — at Initial Version
| Reported by: | Douglas R. Reno | Owned by: | blfs-book |
|---|---|---|---|
| Priority: | high | Milestone: | 9.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
I noticed a Debian Security Update for this on one of my debian machines, and thought it was worth a look into. After finding it, I came across this:
https://nvd.nist.gov/vuln/detail/CVE-2019-11068
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
We need to apply the following commit:
https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
Although the rest of the commits in the libxslt repo from the release of libxslt-1.1.33 onwards seem to be security related, so we might just want to create a consolidated patch. Mostly integer overflows it looks like.
Note:
See TracTickets
for help on using tickets.
