Libxslt Security Update for Debian 7 ELTS
Posted on: 07/11/2019 09:58 PM

Updated libxslt packages have been released for Debian GNU/Linux 7 Extended LTS

Package: libxslt
Version: 1.1.26-14.1+deb7u5
Related CVE: CVE-2019-13117 CVE-2019-13118

Two flaws were discovered in libxslt, the XSLT processing library.


An xsl:number with certain format strings could lead to an uninitialized
read in xsltNumberFormatInsertNumbers. This could allow an attacker to
discern whether a byte on the stack contains the characters A, a, I, i, or
0, or any other character.


A type holding grouping characters of an xsl:number instruction was too
narrow and an invalid character/length combination could be passed to
xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

For Debian 7 Wheezy, these problems have been fixed in version 1.1.26-14.1+deb7u5.

We recommend that you upgrade your libxslt packages.

Further information about Extended LTS security advisories can be found at:

Printed from Linux Compatible (