Solution
Please Install the Updated Packages.
Insight
libxslt is a C library, based on libxml, for parsing of XML files into other textual formats (eg HTML, plain text and other XML representations of the underlying data). It uses the standard XSLT stylesheet transformation mechanism and, being written in plain ANSI C, is designed to be simple to incorporate into other applications
Anthony de Almeida Lopes reported the libxslt library did not properly process long "
transformation match"
conditions in the XSL stylesheet files.
An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute and arbitrary code with the privileges of the application using libxslt library to perform XSL transformations. (CVE-2008-1767)
All users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
Affected
libxslt on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, Red Hat Enterprise Linux ES version 2.1,
Red Hat Enterprise Linux WS version 2.1,
Red Hat Enterprise Linux AS version 3,
Red Hat Enterprise Linux ES version 3,
Red Hat Enterprise Linux WS version 3,
Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4,
Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-1767 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities