Synopsis: Moderate: xmlsec1 security and bug fix update
Issue date: 2011-05-04
CVE Names: CVE-2011-1425
A flaw was found in the way xmlsec1 handled XML files that contain an XSLT
transformation specification. A specially-crafted XML file could cause
xmlsec1 to create or overwrite an arbitrary file while performing the
verification of a file's digital signature. (CVE-2011-1425)
After installing the update, all running applications that use the
xmlsec1 library must be restarted for
the update to take effect.
SL 4.x
SRPMS:
xmlsec1-1.2.6-3.2.src.rpm
i386:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-devel-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm
x86_64:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-1.2.6-3.2.x86_64.rpm
xmlsec1-devel-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm
SL 5.x
SRPMS:
xmlsec1-1.2.9-8.1.2.src.rpm
i386:
xmlsec1-1.2.9-8.1.2.i386.rpm
xmlsec1-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm
x86_64:
xmlsec1-1.2.9-8.1.2.i386.rpm
xmlsec1-1.2.9-8.1.2.x86_64.rpm
xmlsec1-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-1.2.9-8.1.2.x86_64.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-nss-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-1.2.9-8.1.2.x86_64.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-openssl-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-1.2.9-8.1.2.x86_64.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.x86_64.rpm
- Scientific Linux Development Team