
Forums before death by AOL, social media and spammers... "We can't have nice things"

   linux.debian.announce.security      Debian security announcements I think?      29 messages   


   Message 9 of 29   
   Aron Xu to All   
   [SECURITY] [DSA 5979-1] libxslt security   
   19 Aug 25 09:40:02   
   
   From: aron@debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA256   
      
   - -------------------------------------------------------------------------   
   Debian Security Advisory DSA-5979-1                   security@debian.org   
   https://www.debian.org/security/                                  Aron Xu   
   August 19, 2025                       https://www.debian.org/security/faq   
   - -------------------------------------------------------------------------   
      
   Package        : libxslt   
   CVE ID         : CVE-2023-40403 CVE-2025-7424   
   Debian Bug     : 1108074 1109123   
      
   Two vulnerabilities were found in libxslt, the XSLT 1.0 processing library,   
   which may lead to information disclosure and DoS attack.   
      
   CVE-2023-40403   
      
       Information disclosure with weak memory handling of generated-id()   
      
   CVE-2025-7424   
      
       Type confusion in xmlNode.psvi between stylesheet and source nodes,   
       which may allow an attacker to crash the application or corrupt memory.   
      
   For the oldstable distribution (bookworm), these problems have been fixed   
   in version 1.1.35-1+deb12u2.   
      
   For the stable distribution (trixie), these problems have been fixed in   
   version 1.1.35-1.2+deb13u1.   
      
   We recommend that you upgrade your libxslt packages.   
      
   For the detailed security status of libxslt please refer to   
   its security tracker page at:   
   https://security-tracker.debian.org/tracker/libxslt   
      
   Further information about Debian Security Advisories, how to apply   
   these updates to your system and frequently asked questions can be   
   found at: https://www.debian.org/security/   
      
   Mailing list: debian-security-announce@lists.debian.org   
   -----BEGIN PGP SIGNATURE-----   
      
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   



(c) 1994,  bbs@darkrealms.ca