Bugzilla – Bug 769182
VUL-0: CVE-2012-2825: libxslt invalid read crash
Last modified: 2013-11-21 07:43:09 UTC
Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public.
======================================================
Name: CVE-2012-2825
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
Reference: CONFIRM: http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=127417
git commit referring to the bug report: http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=bb7bfb81c158268fb242292b7e0fbd2d3b933d09
Packages for SLE submitted.
The SWAMPID for this issue is 48068. This issue was rated as low. Please submit fixed packages until 2012-07-26. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
bugbot adjusting priority
openSUSE packages submitted as well.
openSUSE-SU-2012:0883-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 769182
CVE References: CVE-2012-2825
Sources used:
openSUSE 12.1 (src): libxslt-1.1.26-15.8.1, libxslt-python-1.1.26-15.8.1
openSUSE 11.4 (src): libxslt-1.1.26-3.14.1
done
Update released for: libxslt, libxslt-32bit, libxslt-debuginfo, libxslt-debuginfo-32bit, libxslt-debuginfo-x86, libxslt-debugsource, libxslt-devel, libxslt-devel-32bit, libxslt-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: libxslt, libxslt-devel
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: libxslt, libxslt-32bit, libxslt-debuginfo, libxslt-devel, libxslt-devel-32bit
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: libxslt, libxslt-32bit, libxslt-64bit, libxslt-debuginfo, libxslt-devel, libxslt-devel-32bit, libxslt-devel-64bit, libxslt-x86
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
This is an autogenerated message for OBS integration: This bug (769182) was mentioned in https://build.opensuse.org/request/show/129669 Evergreen:11.2 / libxslt
This is an autogenerated message for OBS integration: This bug (769182) was mentioned in https://build.opensuse.org/request/show/130286 Evergreen:11.2 / libxslt
Created attachment 566149: libxslt-CVE-2012-2825-2.patch
Incremental patch using one more check also found in mainline libxslt.
Update released for: libxslt, libxslt-32bit, libxslt-debuginfo, libxslt-devel, libxslt-devel-32bit, libxslt-python, libxslt-python-debuginfo
Products:
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
released