Advisories » MGASA-2017-0125

Updated libxslt packages fix security vulnerability

Publication date: 02 May 2017
Modification date: 02 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5029

Description

Holger Fuhrmannek discovered an integer overflow in the
xsltAddTextString() function in Libxslt. An attacker could use this to
craft a malicious document that, when opened, could cause a denial of
service (application crash) or possible execute arbitrary code
(CVE-2017-5029).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20760
• https://www.ubuntu.com/usn/usn-3271-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029

SRPMS

5/core

• libxslt-1.1.29-1.2.mga5