[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 5884-1] libxslt security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5884-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 23, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxslt
CVE ID         : CVE-2024-55549 CVE-2025-24855
Debian Bug     : 1100565 1100566

Ivan Fratric discovered two use-after-free vulnerabilities in libxslt,
an XSLT processing runtime library, which may result in the execution of
arbitrary code if a specially crafted files are processed.

For the stable distribution (bookworm), these problems have been fixed in
version 1.1.35-1+deb12u1.

We recommend that you upgrade your libxslt packages.

For the detailed security status of libxslt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libxslt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfgEtdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Ti5g/+JD0tgbozRtMeu350/gfB1L3SNy5AW/CcPHeWiF/9V6xPBh3uBfiNg6lQ
/iapOsRaCzJoxjO5ZNcn+ilduKo2ZJEa3ctoP3Mx0rUXXcfLvnZ9pl+iQ5+KNvDQ
BIWG9osDcVewQ+6Ue6XRUuPZTf6ETH3EyGCK3yltPFjXf7D197MWhSCcabxZxEPs
akyeiVTJx2NcTDayg4hEc3nYEw5iFRwGoBRRcohb57HtdThJNPzNGK3emW5Q5G75
TfEAL2mE40j0O88lbA9acElxLdcHt2bTrkrpSk95mVeXROh3r/qrsP9vh+fG85PR
v/C7UsygxoORoH565JEROmiHbt2DmONVvWLHTqKvEWG98F3E/yMroICva01jKMpa
7lqRXPXfmDCOvO79YoenEs1qofYxuCsx1p4lDLwBDVHCyyBl1uLcliDZ8oIzNEAk
qppEtNZM/C4I5DgJOFYwk6eJt5HAdgzNzV2qqF21JvX/wHPJlWZa/BFNIL0Tp6kF
u9aYVMvVRKVmawSWypgvAGFmvtgfImWZFfy4HqW2FsKGNbL+0Ppqtu/AKKwxN+/v
UT3n817pm8uR5te9VDhH2cJNeL195wQ3HXOi1IGGSD5bZGQIBOf+Ky/MCzD56rZ/
pWrE0aads5nc5zuvZXeNf+efLQQfoo1Fia+mlaupYJhYB6fWpGs=
=qjKq
-----END PGP SIGNATURE-----
Reply to: