Mandriva Update For Libxslt MDVSA-2008:160 (libxslt) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Chris Evans of the Google Security Team found a vulnerability in the RC4 processing code in libxslt that did not properly handle corrupted key information. A remote attacker able to make an application linked against libxslt process malicious XML input could cause the application to crash or possibly execute arbitrary code with the privileges of the application in question (CVE-2008-2935). The updated packages have been patched to correct this issue.

Affected

libxslt on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2935
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:140 (gaim)
Mandrake Security Advisory MDVSA-2009:134 (firefox)
Mandrake Security Advisory MDVSA-2009:093 (mpg123)
Mandrake Security Advisory MDVSA-2009:106 (libwmf)
Mandrake Security Advisory MDVSA-2009:131-1 (apr-util)

Mandriva Update for libxslt MDVSA-2008:160 (libxslt)

Take action and discover your vulnerabilities