Articles / Debian: New libxslt package…

Debian: New libxslt packages fix execution of arbitrary code

It was discovered that libxslt, an XSLT processing runtime library, could be coerced into executing arbitrary code via a buffer overflow when an XSL style sheet file with a long XSLT "transformation match" condition triggered a large number of steps. Fixed packages are available from security.debian.org.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1589-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
May 28, 2008                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libxslt
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1767
Debian Bug     : 482664

It was discovered that libxslt, an XSLT processing runtime library,
could be coerced into executing arbitrary code via a buffer overflow
when an XSL style sheet file with a long XSLT "transformation match"
condition triggered a large number of steps.

For the stable distribution (etch), this problem has been fixed in version
1.1.19-2.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.24-1.

We recommend that you upgrade your libxslt package.


Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz
   Size/MD5 checksum:  2799906 622e5843167593c8ea39bf86c66b8fcf
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.dsc
   Size/MD5 checksum:      849 27df832e1c58fa0b4ee2fc08ae23eb52
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.diff.gz
   Size/MD5 checksum:   149924 3135ddae6ed99518ca98cb6dd32f9cf5

alpha architecture (DEC Alpha)

 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_alpha.deb
   Size/MD5 checksum:   107220 cb23c0170e99f97ba4a6328b6c15d4e8
 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_alpha.deb
   Size/MD5 checksum:   131268 264ec9a09e6fd46eb6acb82b6e2e458f
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_alpha.deb
   Size/MD5 checksum:   690048 6af24b16a70e3eda53cf9b01aeb72abe
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_alpha.deb
   Size/MD5 checksum:   362862 b0bfc373c7b2b029bdecc32fe3c6b393
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_alpha.deb
   Size/MD5 checksum:   230516 c613baf2799aca2b10f704c72d65f6dd

amd64 architecture (AMD x86_64 (AMD64))

 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_amd64.deb
   Size/MD5 checksum:   131736 bd359cba79ae664919f1d28bb7ee7bb9
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_amd64.deb
   Size/MD5 checksum:   630600 9f2ce6f099ad058ddb7756c6bec0ad04
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_amd64.deb
   Size/MD5 checksum:   225362 6fad243b75ab8773edac788ae83ff0b2
 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_amd64.deb
   Size/MD5 checksum:   106520 86122035aa23a3ac883a90f2ad206cb3
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_amd64.deb
   Size/MD5 checksum:   360490 43bf746a2e2d510dc2b42bce0ebfe846

arm architecture (ARM)

 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_arm.deb
   Size/MD5 checksum:   126438 8d9a6a49d04b7b718ea4891090590ebe
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_arm.deb
   Size/MD5 checksum:   213174 5a22f4ddde902b9e62b320d595c717e4
 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_arm.deb
   Size/MD5 checksum:   106410 fa92dc9b78ddafc576c917dc634850f7
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_arm.deb
   Size/MD5 checksum:   344476 84490df6ef91ef8d59397efd08141adb
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_arm.deb
   Size/MD5 checksum:   612866 b755daf391dc131cec3cf5170f7ff3ef

hppa architecture (HP PA RISC)

 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_hppa.deb
   Size/MD5 checksum:   132206 246544f21eb977706164148ac110fef4
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_hppa.deb
   Size/MD5 checksum:   656512 278e6530497e001b7af16b8c97259640
 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_hppa.deb
   Size/MD5 checksum:   107496 3c104b63b086ee54e45796cf8f8f5736
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_hppa.deb
   Size/MD5 checksum:   238066 ec3a5a9b5ed19d8cea6e207b94960b06
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_hppa.deb
   Size/MD5 checksum:   359052 99da4dbb694efd07fec538b0dfba57da

i386 architecture (Intel ia32)

 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_i386.deb
   Size/MD5 checksum:   215768 065db1534d256efaa0bdbed1d5bc2efa
 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_i386.deb
   Size/MD5 checksum:   106010 d736922f8f98e3655e0d17c47c182911
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_i386.deb
   Size/MD5 checksum:   610254 7d2f1de6b328363d404e0167b2c3d0b2
 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_i386.deb
   Size/MD5 checksum:   127542 036211c64911322aad9f5afa3c67a8ce
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_i386.deb
   Size/MD5 checksum:   350172 fbd79c2f46affc6a6daea73b95c5fe4c

ia64 architecture (Intel ia64)

 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_ia64.deb
   Size/MD5 checksum:   110354 a086d9e71e7152286ff25d6c28d1c188
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_ia64.deb
   Size/MD5 checksum:   688004 a39cdbeb7e2bec2db123baf9fb936141
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_ia64.deb
   Size/MD5 checksum:   286602 c417da9ebd63d8338401253df1194e01
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_ia64.deb
   Size/MD5 checksum:   361472 3643ac55a03571fa185c4e0700298e82
 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_ia64.deb
   Size/MD5 checksum:   135176 9cdb256571bf9606ed56840a1e88ddb4

mips architecture (MIPS (Big Endian))

 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mips.deb
   Size/MD5 checksum:   106622 5f3f9bff564736decdac2c69983211a0
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mips.deb
   Size/MD5 checksum:   213366 128a0294b6a09059fedb618371ec9d09
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mips.deb
   Size/MD5 checksum:   650424 55eab53a1978e3e2a7c1f7dbd68fc04c
 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mips.deb
   Size/MD5 checksum:   128934 3d52f0f986dd862e8119eabeca944e35
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mips.deb
   Size/MD5 checksum:   371998 8f2ea540fd91ca75559d8589c8855de7

mipsel architecture (MIPS (Little Endian))

 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mipsel.deb
   Size/MD5 checksum:   213564 c405f7eef65b01491758e64551b7977f
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mipsel.deb
   Size/MD5 checksum:   624640 9d2b59c3820eb9c99671399f967e0f3e
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mipsel.deb
   Size/MD5 checksum:   363788 09bdf35805a2de68a4d1dfe15c28dcfc
 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mipsel.deb
   Size/MD5 checksum:   106668 2633adeeddc2edc4e36e45a7e4e92c2f
 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mipsel.deb
   Size/MD5 checksum:   128564 c768001b8441118205f9f513af83e485

powerpc architecture (PowerPC)

 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_powerpc.deb
   Size/MD5 checksum:   611678 3d3acc7b7be03bd0bb2e31dcadf05720
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_powerpc.deb
   Size/MD5 checksum:   365012 94f6735cc42e233a67fd46df084120ee
 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_powerpc.deb
   Size/MD5 checksum:   108104 bca54d59be466884a5cfde0532a324df
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_powerpc.deb
   Size/MD5 checksum:   222790 12aef46d1088d93375ab824b73702bc2
 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_powerpc.deb
   Size/MD5 checksum:   130124 37bb5353c81ed15374acc7305cc54839

s390 architecture (IBM S/390)

 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_s390.deb
   Size/MD5 checksum:   106798 0a96df71e63deb7d7124aab48152a5df
 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_s390.deb
   Size/MD5 checksum:   131712 89e70e2d2fadd7b7ec9268d907a62d29
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_s390.deb
   Size/MD5 checksum:   226596 751b28fafff17f6fcb8b2f4c0df370c0
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_s390.deb
   Size/MD5 checksum:   601572 85051174031d0ff2c22fb87d1ab759c0
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_s390.deb
   Size/MD5 checksum:   357722 661c9551483bf52573e52646aaa13b60

sparc architecture (Sun SPARC/UltraSPARC)

 http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_sparc.deb
   Size/MD5 checksum:   106330 e6c23ad0752b3c7c22857c935befb984
 http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_sparc.deb
   Size/MD5 checksum:   129134 e6c3f1402576da329d515d9411f7fd53
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_sparc.deb
   Size/MD5 checksum:   217862 2ce2c27d8de0dc78ee4162b9664f7144
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_sparc.deb
   Size/MD5 checksum:   598868 0acf342e57619d34685f76b879da8891
 http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_sparc.deb
   Size/MD5 checksum:   335962 947c59cd2f23b55b897ded3b31ccc1a6


 These files will probably be moved into the stable distribution on
 its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIPWiawM/Gs81MDZ0RAlFDAJ4r0ZndrATgh4xQO7tk0AidGIrk9ACeKtaR
0DnKvg1zG+OZlNoWRX3XyQw=
=HfoM
-----END PGP SIGNATURE-----

Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.