Updated libxslt packages fix security vulnerability
Publication date: 18 May 2019Modification date: 18 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-11068
Description
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded (CVE-2019-11068).
References
SRPMS
6/core
- libxslt-1.1.29-6.1.mga6