Ubuntu Update For Libxslt Vulnerabilities USN-633-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-633-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of serivce. (CVE-2008-1767) Chris Evans discovered that the RC4 processing code in libxslt did not correctly handle corrupted key information. If a remote attacker were able to make an application linked against libxslt process malicious XML input, they could crash the application, leading to a denial of service. (CVE-2008-2935)

Affected

libxslt vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 7.04 , Ubuntu 7.10 , Ubuntu 8.04 LTS

Severity

Classification

CVE CVE-2008-1767, CVE-2008-2935
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for curl vulnerability USN-484-1
Ubuntu Update for eglibc, glibc vulnerability USN-1009-2
Ubuntu Update for apt-listchanges vulnerability USN-572-1
Ubuntu Update for bind9 USN-1462-1
Ubuntu Update for dbus-glib USN-1753-1

Ubuntu Update for libxslt vulnerabilities USN-633-1

Take action and discover your vulnerabilities