Synopsis: Moderate: xmlsec1 security and bug fix update Issue date: 2011-05-04 CVE Names: CVE-2011-1425 A flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially-crafted XML file could cause xmlsec1 to create or overwrite an arbitrary file while performing the verification of a file's digital signature. (CVE-2011-1425) After installing the update, all running applications that use the xmlsec1 library must be restarted for the update to take effect. SL 4.x SRPMS: xmlsec1-1.2.6-3.2.src.rpm i386: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-devel-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm x86_64: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-1.2.6-3.2.x86_64.rpm xmlsec1-devel-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm SL 5.x SRPMS: xmlsec1-1.2.9-8.1.2.src.rpm i386: xmlsec1-1.2.9-8.1.2.i386.rpm xmlsec1-devel-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm xmlsec1-nss-1.2.9-8.1.2.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm x86_64: xmlsec1-1.2.9-8.1.2.i386.rpm xmlsec1-1.2.9-8.1.2.x86_64.rpm xmlsec1-devel-1.2.9-8.1.2.i386.rpm xmlsec1-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-1.2.9-8.1.2.x86_64.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-nss-1.2.9-8.1.2.i386.rpm xmlsec1-nss-1.2.9-8.1.2.x86_64.rpm xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-openssl-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-1.2.9-8.1.2.x86_64.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.x86_64.rpm - Scientific Linux Development Team