LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

August 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA August 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA for libxslt on SL4.x, SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Mon, 4 Aug 2008 15:36:18 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (76 lines)

There was a typo in the last e-mail, sorry about that.

We had a compiling problem on the SL4 x86_64 rpms.  It has been fixed and is
working now.  Both the x86_64 and i386 rpm's have been rebuilt with the new
name to keep consistency.
No code has been changed.  The rpm's were only recompiled.

SL 4.x

       SRPMS:
libxslt-1.1.11-1.el4_7.2.sl.src.rpm
       i386:
libxslt-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-devel-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-python-1.1.11-1.el4_7.2.sl.i386.rpm
       x86_64:
libxslt-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-1.1.11-1.el4_7.2.sl.x86_64.rpm
libxslt-devel-1.1.11-1.el4_7.2.sl.x86_64.rpm
libxslt-python-1.1.11-1.el4_7.2.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis:       Moderate: libxslt security update
> Issue date:     2008-07-31
> CVE Names:      CVE-2008-2935
>
> A heap buffer overflow flaw was discovered in the RC4 libxslt library
> extension. An attacker could create a malicious XSL file that would cause a
> crash, or, possibly, execute arbitrary code with the privileges of the
> application using the libxslt library to perform XSL transformations on
> untrusted XSL style sheets. (CVE-2008-2935)
>
> SL 4.x
>
>      SRPMS:
> libxslt-1.1.11-1.el4_7.2.src.rpm
>      i386:
> libxslt-1.1.11-1.el4_7.2.i386.rpm
> libxslt-devel-1.1.11-1.el4_7.2.i386.rpm
> libxslt-python-1.1.11-1.el4_7.2.i386.rpm
>      x86_64:
> libxslt-1.1.11-1.el4_7.2.i386.rpm
> libxslt-1.1.11-1.el4_7.2.x86_64.rpm
> libxslt-devel-1.1.11-1.el4_7.2.x86_64.rpm
> libxslt-python-1.1.11-1.el4_7.2.x86_64.rpm
>
> SL 5.x
>
>      SRPMS:
> libxslt-1.1.17-2.el5_2.2.src.rpm
>      i386:
> libxslt-1.1.17-2.el5_2.2.i386.rpm
> libxslt-devel-1.1.17-2.el5_2.2.i386.rpm
> libxslt-python-1.1.17-2.el5_2.2.i386.rpm
>      x86_64:
> libxslt-1.1.17-2.el5_2.2.i386.rpm
> libxslt-1.1.17-2.el5_2.2.x86_64.rpm
> libxslt-devel-1.1.17-2.el5_2.2.i386.rpm
> libxslt-devel-1.1.17-2.el5_2.2.x86_64.rpm
> libxslt-python-1.1.17-2.el5_2.2.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>
>
>


--
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV