Libxslt Security Update for Debian 8 LTS
Posted on: 04/16/2019 07:03 AM

Updated libxslt packages has been released for Debian GNU/Linux 8 LTS

Package : libxslt
Version : 1.1.28-2+deb8u4
CVE ID : CVE-2019-11068
Debian Bug : #926895

It was discovered that there was a authentication bypass
vulnerability in libxslt, a widely-used library for transforming
files from XML to other arbitrary format.

The xsltCheckRead and xsltCheckWrite routines permitted access upon
receiving an-1 error code and (as xsltCheckRead returned -1 for a
specially-crafted URL that is not actually invalid) the attacker was
subsequently authenticated.

For Debian 8 "Jessie", this issue has been fixed in libxslt version
1.1.28-2+deb8u4.

We recommend that you upgrade your libxslt packages.



Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/libxslt_security_update_for_debian_8_lts.html)