Advisories ยป MGASA-2019-0175

Updated libxslt packages fix security vulnerability

Publication date: 18 May 2019
Modification date: 18 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-11068

Description

libxslt through 1.1.33 allows bypass of a protection mechanism because
callers of xsltCheckRead and xsltCheckWrite permit access even upon
receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL
that is not actually invalid and is subsequently loaded (CVE-2019-11068).
                

References

SRPMS

6/core