Privacy and Legal Notice

CIRC INFORMATION BULLETIN

S-297: libxslt Security Update

[Red Hat RHSA-2008:0287-2]

May 22, 2008 13:00 GMT
[REVISED 29 May 2008]
PROBLEM: The libxslt library did not properly process long "transformation match" conditions in the XSL stylesheet files.
PLATFORM: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3, v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
Debian GNU/Linux 4.0 (etch)
DAMAGE: DoS or possibly execute and arbitrary code.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY
ASSESSMENT:		 The risk is MEDIUM. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute and arbitrary code with the privileges of the application using libxslt library to perform XSL transformations.
CVSS 2 BASE SCORE:
   TEMPORAL SCORE:
   VECTOR:		 6.8
5.3
(AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
LINKS:  
  CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/s-297.shtml
  ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2008-0287.html
  ADDITIONAL LINK: http://www.debian.org/security/2008/dsa-1589
  CVE: CVE-2008-1767 
REVISION HISTORY:
05/29/2008 - revised S-297 to add a link to Debian Security Advisory DSA-1589-1 for
             Debian GNU/Linux 4.0 (etch).
			 
			 
			 
[***** Start Red Hat  RHSA-2008:0287-2 *****]

Important: libxslt security update

Advisory: RHSA-2008:0287-2
Type: Security Advisory
Severity: Important
Issued on: 2008-05-21
Last updated on: 2008-05-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: com.redhat.rhsa-20080287.xml
CVEs (cve.mitre.org): CVE-2008-1767

Details

Updated libxslt packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

libxslt is a C library, based on libxml, for parsing of XML files into
other textual formats (eg HTML, plain text and other XML representations of
the underlying data) It uses the standard XSLT stylesheet transformation
mechanism and, being written in plain ANSI C, is designed to be simple to
incorporate into other applications

Anthony de Almeida Lopes reported the libxslt library did not properly
process long "transformation match" conditions in the XSL stylesheet files.
An attacker could create a malicious XSL file that would cause a crash, or,
possibly, execute and arbitrary code with the privileges of the application
using libxslt library to perform XSL transformations. (CVE-2008-1767)

All users are advised to upgrade to these updated packages, which contain a
backported patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188


Updated packages

RHEL Desktop Workstation (v. 5 client)
IA-32:
libxslt-devel-1.1.17-2.el5_1.1.i386.rpm     65b60c7ca2293cbaea8c78957b456b86
 
x86_64:
libxslt-devel-1.1.17-2.el5_1.1.i386.rpm     65b60c7ca2293cbaea8c78957b456b86
libxslt-devel-1.1.17-2.el5_1.1.x86_64.rpm     74de81181096085184be4e903ba2ef0e
 
Red Hat Desktop (v. 3)
SRPMS:
libxslt-1.0.33-6.src.rpm     3503db7cca9cd6f0c2dee1bb17f87c04
 
IA-32:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-devel-1.0.33-6.i386.rpm     51cf6e87109ed9bfc8096c1ab1e61d33
 
x86_64:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-1.0.33-6.x86_64.rpm     05b8595bd5a6ee2094c2aad21d7194b6
libxslt-devel-1.0.33-6.x86_64.rpm     13b8e94f7dd351bda8a3fd2b36dae6c1
 
Red Hat Desktop (v. 4)
SRPMS:
libxslt-1.1.11-1.el4_6.1.src.rpm     a3ea6e78e45df10ff0f618fadff44038
 
IA-32:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-devel-1.1.11-1.el4_6.1.i386.rpm     84e036bc8c0eb262487b0f83de2c927f
libxslt-python-1.1.11-1.el4_6.1.i386.rpm     fa7cef400421c41b5b2638f90ff4748c
 
x86_64:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-1.1.11-1.el4_6.1.x86_64.rpm     dacea7103b284aa21878fb16313bd052
libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm     84de9a33b9c412bc589053f169f64eea
libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm     761252a8f16224ac07ed8d1cae83d2c1
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
libxslt-1.1.17-2.el5_1.1.src.rpm     5105cad8d59bdf6bbcf87c80c00dbfdd
 
IA-32:
libxslt-1.1.17-2.el5_1.1.i386.rpm     f7de7b4383514c2cdc07fcc88a5a732a
libxslt-devel-1.1.17-2.el5_1.1.i386.rpm     65b60c7ca2293cbaea8c78957b456b86
libxslt-python-1.1.17-2.el5_1.1.i386.rpm     fa1b8a68113b3e5b9859ca30661d37b8
 
IA-64:
libxslt-1.1.17-2.el5_1.1.i386.rpm     f7de7b4383514c2cdc07fcc88a5a732a
libxslt-1.1.17-2.el5_1.1.ia64.rpm     8f22de6e04ad1d466d4938389d20bf54
libxslt-devel-1.1.17-2.el5_1.1.ia64.rpm     9728bae479f2569eb91cb985835f78a2
libxslt-python-1.1.17-2.el5_1.1.ia64.rpm     d66d6d0483a32fa7fcaac2f23b5f2b97
 
PPC:
libxslt-1.1.17-2.el5_1.1.ppc.rpm     a1eb2adbac89467c8ffa0d23efa3dd92
libxslt-1.1.17-2.el5_1.1.ppc64.rpm     c0292c5f91a3aec22b1daecab1bf0504
libxslt-devel-1.1.17-2.el5_1.1.ppc.rpm     46d3087ce542493d677081960d16893d
libxslt-devel-1.1.17-2.el5_1.1.ppc64.rpm     e7a1cfe8f696b3860eab7ed5e2fcc6cd
libxslt-python-1.1.17-2.el5_1.1.ppc.rpm     9975faa193082e5a90c947fb4424ebc1
 
s390x:
libxslt-1.1.17-2.el5_1.1.s390.rpm     17b3a5a3add00de3f418c4272a4b2744
libxslt-1.1.17-2.el5_1.1.s390x.rpm     a2d1ad7b23490f20741c48ccb8976de3
libxslt-devel-1.1.17-2.el5_1.1.s390.rpm     a67a0b17e447c35d552aac0e7a1e3727
libxslt-devel-1.1.17-2.el5_1.1.s390x.rpm     d618e7701bdae86845c6b1f712450da9
libxslt-python-1.1.17-2.el5_1.1.s390x.rpm     6f4029663d4c33a0e377be43ecbc5f5d
 
x86_64:
libxslt-1.1.17-2.el5_1.1.i386.rpm     f7de7b4383514c2cdc07fcc88a5a732a
libxslt-1.1.17-2.el5_1.1.x86_64.rpm     59a901acfb519d5cc05682a0a6ca3706
libxslt-devel-1.1.17-2.el5_1.1.i386.rpm     65b60c7ca2293cbaea8c78957b456b86
libxslt-devel-1.1.17-2.el5_1.1.x86_64.rpm     74de81181096085184be4e903ba2ef0e
libxslt-python-1.1.17-2.el5_1.1.x86_64.rpm     4b213e59a5c41b1ba3db4bf90fc58d71
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
libxslt-1.0.15-3.src.rpm     167ae21cdda82ff6ad1c1dbfacb35f5a
 
IA-32:
libxslt-1.0.15-3.i386.rpm     a72ede6a742b97ab42bac7c0b1c45c3d
libxslt-devel-1.0.15-3.i386.rpm     6f066c4f8e3e64f8212f526b17370adf
libxslt-python-1.0.15-3.i386.rpm     add5fe311fcac0db4a6cebc40d2fb05c
 
IA-64:
libxslt-1.0.15-3.ia64.rpm     972e8a3c2b2294d9e95d2a02ff247d5f
libxslt-devel-1.0.15-3.ia64.rpm     ee6d2b4ea393a95a0c342b5e128c520f
libxslt-python-1.0.15-3.ia64.rpm     a45c502dc00f62831232b1611e1a9866
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
libxslt-1.0.33-6.src.rpm     3503db7cca9cd6f0c2dee1bb17f87c04
 
IA-32:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-devel-1.0.33-6.i386.rpm     51cf6e87109ed9bfc8096c1ab1e61d33
 
IA-64:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-1.0.33-6.ia64.rpm     cf7982a70e688fd44bb2cce1a44f8b7c
libxslt-devel-1.0.33-6.ia64.rpm     0e87a8d0bf4fdb465cc6796bd44fe20e
 
PPC:
libxslt-1.0.33-6.ppc.rpm     10f368a9cfc818530c7cade9d3a66261
libxslt-1.0.33-6.ppc64.rpm     fe5c9d6a4af38fe3687cfbc6b68ac3ea
libxslt-devel-1.0.33-6.ppc.rpm     2b48f8ee000ad5f6e79d5fe960a9f94a
 
s390:
libxslt-1.0.33-6.s390.rpm     241b9186adfc45d06103484866d19c29
libxslt-devel-1.0.33-6.s390.rpm     ec6336910bbc68deb252a3b236c14f84
 
s390x:
libxslt-1.0.33-6.s390.rpm     241b9186adfc45d06103484866d19c29
libxslt-1.0.33-6.s390x.rpm     df05c2199cb4de957d43447c2de7bda8
libxslt-devel-1.0.33-6.s390x.rpm     2335d18264c5aee0c080509e54d953ac
 
x86_64:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-1.0.33-6.x86_64.rpm     05b8595bd5a6ee2094c2aad21d7194b6
libxslt-devel-1.0.33-6.x86_64.rpm     13b8e94f7dd351bda8a3fd2b36dae6c1
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
libxslt-1.1.11-1.el4_6.1.src.rpm     a3ea6e78e45df10ff0f618fadff44038
 
IA-32:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-devel-1.1.11-1.el4_6.1.i386.rpm     84e036bc8c0eb262487b0f83de2c927f
libxslt-python-1.1.11-1.el4_6.1.i386.rpm     fa7cef400421c41b5b2638f90ff4748c
 
IA-64:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-1.1.11-1.el4_6.1.ia64.rpm     79d969152d2469216a15c5e841650c3c
libxslt-devel-1.1.11-1.el4_6.1.ia64.rpm     1ce2001e1443bf64deb55c89f1d52cc7
libxslt-python-1.1.11-1.el4_6.1.ia64.rpm     8bb01e87965bccef3bb444b33ca3f44e
 
PPC:
libxslt-1.1.11-1.el4_6.1.ppc.rpm     2b074a732465709ab334b9a14a9d0796
libxslt-1.1.11-1.el4_6.1.ppc64.rpm     c1f09fb7d803f6a7cae94410cb9fd747
libxslt-devel-1.1.11-1.el4_6.1.ppc.rpm     0048da21aa84bc4efc5e239be950df08
libxslt-python-1.1.11-1.el4_6.1.ppc.rpm     656301a73e20b78b5b86ff7ab60b7e24
 
s390:
libxslt-1.1.11-1.el4_6.1.s390.rpm     340ccad46d02b6b2c231497e75e5d86e
libxslt-devel-1.1.11-1.el4_6.1.s390.rpm     dbba954fd4a30929f30f7c090d222175
libxslt-python-1.1.11-1.el4_6.1.s390.rpm     b30bc6cc470df14b9cf354035c1d9baf
 
s390x:
libxslt-1.1.11-1.el4_6.1.s390.rpm     340ccad46d02b6b2c231497e75e5d86e
libxslt-1.1.11-1.el4_6.1.s390x.rpm     6775f937408d66728842c0a351bf4f68
libxslt-devel-1.1.11-1.el4_6.1.s390x.rpm     4c2fc004000cbe7176ab285ec45ed40a
libxslt-python-1.1.11-1.el4_6.1.s390x.rpm     64c3f2c1ba168fe45fffb07cff0108a3
 
x86_64:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-1.1.11-1.el4_6.1.x86_64.rpm     dacea7103b284aa21878fb16313bd052
libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm     84de9a33b9c412bc589053f169f64eea
libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm     761252a8f16224ac07ed8d1cae83d2c1
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
libxslt-1.1.17-2.el5_1.1.src.rpm     5105cad8d59bdf6bbcf87c80c00dbfdd
 
IA-32:
libxslt-1.1.17-2.el5_1.1.i386.rpm     f7de7b4383514c2cdc07fcc88a5a732a
libxslt-python-1.1.17-2.el5_1.1.i386.rpm     fa1b8a68113b3e5b9859ca30661d37b8
 
x86_64:
libxslt-1.1.17-2.el5_1.1.i386.rpm     f7de7b4383514c2cdc07fcc88a5a732a
libxslt-1.1.17-2.el5_1.1.x86_64.rpm     59a901acfb519d5cc05682a0a6ca3706
libxslt-python-1.1.17-2.el5_1.1.x86_64.rpm     4b213e59a5c41b1ba3db4bf90fc58d71
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
libxslt-1.0.15-3.src.rpm     167ae21cdda82ff6ad1c1dbfacb35f5a
 
IA-32:
libxslt-1.0.15-3.i386.rpm     a72ede6a742b97ab42bac7c0b1c45c3d
libxslt-devel-1.0.15-3.i386.rpm     6f066c4f8e3e64f8212f526b17370adf
libxslt-python-1.0.15-3.i386.rpm     add5fe311fcac0db4a6cebc40d2fb05c
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
libxslt-1.0.33-6.src.rpm     3503db7cca9cd6f0c2dee1bb17f87c04
 
IA-32:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-devel-1.0.33-6.i386.rpm     51cf6e87109ed9bfc8096c1ab1e61d33
 
IA-64:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-1.0.33-6.ia64.rpm     cf7982a70e688fd44bb2cce1a44f8b7c
libxslt-devel-1.0.33-6.ia64.rpm     0e87a8d0bf4fdb465cc6796bd44fe20e
 
x86_64:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-1.0.33-6.x86_64.rpm     05b8595bd5a6ee2094c2aad21d7194b6
libxslt-devel-1.0.33-6.x86_64.rpm     13b8e94f7dd351bda8a3fd2b36dae6c1
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
libxslt-1.1.11-1.el4_6.1.src.rpm     a3ea6e78e45df10ff0f618fadff44038
 
IA-32:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-devel-1.1.11-1.el4_6.1.i386.rpm     84e036bc8c0eb262487b0f83de2c927f
libxslt-python-1.1.11-1.el4_6.1.i386.rpm     fa7cef400421c41b5b2638f90ff4748c
 
IA-64:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-1.1.11-1.el4_6.1.ia64.rpm     79d969152d2469216a15c5e841650c3c
libxslt-devel-1.1.11-1.el4_6.1.ia64.rpm     1ce2001e1443bf64deb55c89f1d52cc7
libxslt-python-1.1.11-1.el4_6.1.ia64.rpm     8bb01e87965bccef3bb444b33ca3f44e
 
x86_64:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-1.1.11-1.el4_6.1.x86_64.rpm     dacea7103b284aa21878fb16313bd052
libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm     84de9a33b9c412bc589053f169f64eea
libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm     761252a8f16224ac07ed8d1cae83d2c1
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
libxslt-1.0.15-3.src.rpm     167ae21cdda82ff6ad1c1dbfacb35f5a
 
IA-32:
libxslt-1.0.15-3.i386.rpm     a72ede6a742b97ab42bac7c0b1c45c3d
libxslt-devel-1.0.15-3.i386.rpm     6f066c4f8e3e64f8212f526b17370adf
libxslt-python-1.0.15-3.i386.rpm     add5fe311fcac0db4a6cebc40d2fb05c
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
libxslt-1.0.33-6.src.rpm     3503db7cca9cd6f0c2dee1bb17f87c04
 
IA-32:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-devel-1.0.33-6.i386.rpm     51cf6e87109ed9bfc8096c1ab1e61d33
 
IA-64:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-1.0.33-6.ia64.rpm     cf7982a70e688fd44bb2cce1a44f8b7c
libxslt-devel-1.0.33-6.ia64.rpm     0e87a8d0bf4fdb465cc6796bd44fe20e
 
x86_64:
libxslt-1.0.33-6.i386.rpm     932324c6a50d41befece746d74e0aeb8
libxslt-1.0.33-6.x86_64.rpm     05b8595bd5a6ee2094c2aad21d7194b6
libxslt-devel-1.0.33-6.x86_64.rpm     13b8e94f7dd351bda8a3fd2b36dae6c1
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
libxslt-1.1.11-1.el4_6.1.src.rpm     a3ea6e78e45df10ff0f618fadff44038
 
IA-32:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-devel-1.1.11-1.el4_6.1.i386.rpm     84e036bc8c0eb262487b0f83de2c927f
libxslt-python-1.1.11-1.el4_6.1.i386.rpm     fa7cef400421c41b5b2638f90ff4748c
 
IA-64:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-1.1.11-1.el4_6.1.ia64.rpm     79d969152d2469216a15c5e841650c3c
libxslt-devel-1.1.11-1.el4_6.1.ia64.rpm     1ce2001e1443bf64deb55c89f1d52cc7
libxslt-python-1.1.11-1.el4_6.1.ia64.rpm     8bb01e87965bccef3bb444b33ca3f44e
 
x86_64:
libxslt-1.1.11-1.el4_6.1.i386.rpm     f1787d396f0dc93a17ee1079434aed9d
libxslt-1.1.11-1.el4_6.1.x86_64.rpm     dacea7103b284aa21878fb16313bd052
libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm     84de9a33b9c412bc589053f169f64eea
libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm     761252a8f16224ac07ed8d1cae83d2c1
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
libxslt-1.0.15-3.src.rpm     167ae21cdda82ff6ad1c1dbfacb35f5a
 
IA-64:
libxslt-1.0.15-3.ia64.rpm     972e8a3c2b2294d9e95d2a02ff247d5f
libxslt-devel-1.0.15-3.ia64.rpm     ee6d2b4ea393a95a0c342b5e128c520f
libxslt-python-1.0.15-3.ia64.rpm     a45c502dc00f62831232b1611e1a9866
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

446809 - CVE-2008-1767 libxslt: fixed-sized steps array overflow via "template match" condition in XSL file


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/


[***** End Red Hat  RHSA-2008:0287-2 *****]
CIRC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
DOE-CIRC can be contacted at: 
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/