Synopsis:          Moderate: libxslt security update
Advisory ID:       SLSA-2020:4005-1
Issue Date:        2020-10-01
CVE Numbers:       CVE-2019-11068
--

Security Fix(es):

* libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by
crafted URL (CVE-2019-11068)

* libxslt: use after free in xsltCopyText in transform.c could lead to
information disclosure (CVE-2019-18197)
--

SL7
  x86_64
    libxslt-devel-1.1.28-6.el7.x86_64.rpm
    libxslt-1.1.28-6.el7.i686.rpm
    libxslt-devel-1.1.28-6.el7.i686.rpm
    libxslt-1.1.28-6.el7.x86_64.rpm
    libxslt-debuginfo-1.1.28-6.el7.i686.rpm
    libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm
    libxslt-python-1.1.28-6.el7.x86_64.rpm

- Scientific Linux Development Team