Advisories » MGASA-2019-0175

Updated libxslt packages fix security vulnerability

Publication date: 18 May 2019
Modification date: 18 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-11068

Description

libxslt through 1.1.33 allows bypass of a protection mechanism because
callers of xsltCheckRead and xsltCheckWrite permit access even upon
receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL
that is not actually invalid and is subsequently loaded (CVE-2019-11068).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24705
• https://usn.ubuntu.com/usn/usn-3947-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068

SRPMS

6/core

• libxslt-1.1.29-6.1.mga6