1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5884-1] libxslt security update

    From Salvatore Bonaccorso@21:1/5 to All on Sun Mar 23 15:00:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5884-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    March 23, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libxslt
    CVE ID : CVE-2024-55549 CVE-2025-24855
    Debian Bug : 1100565 1100566

    Ivan Fratric discovered two use-after-free vulnerabilities in libxslt,
    an XSLT processing runtime library, which may result in the execution of arbitrary code if a specially crafted files are processed.

    For the stable distribution (bookworm), these problems have been fixed in version 1.1.35-1+deb12u1.

    We recommend that you upgrade your libxslt packages.

    For the detailed security status of libxslt please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/libxslt

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfgEtdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Ti5g/+JD0tgbozRtMeu350/gfB1L3SNy5AW/CcPHeWiF/9V6xPBh3uBfiNg6lQ /iapOsRaCzJoxjO5ZNcn+ilduKo2ZJEa3ctoP3Mx0rUXXcfLvnZ9pl+iQ5+KNvDQ BIWG9osDcVewQ+6Ue6XRUuPZTf6ETH3EyGCK3yltPFjXf7D197MWhSCcabxZxEPs akyeiVTJx2NcTDayg4hEc3nYEw5iFRwGoBRRcohb57HtdThJNPzNGK3emW5Q5G75 TfEAL2mE40j0O88lbA9acElxLdcHt2bTrkrpSk95mVeXROh3r/qrsP9vh+fG85PR v/C7UsygxoORoH565JEROmiHbt2DmONVvWLHTqKvEWG98F3E/yMroICva01jKMpa 7lqRXPXfmDCOvO79YoenEs1qofYxuCsx1p4lDLwBDVHCyyBl1uLcliDZ8oIzNEAk qppEtNZM/C4I5DgJOFYwk6eJt5HAdgzNzV2qqF21JvX/wHPJlWZa/BFNIL0Tp6kF u9aYVMvVRKVmawSWypgvAGFmvtgfImWZFfy4HqW2FsKGNbL+0Ppqtu/AKKwxN+/v UT3n817pm8uR5te9VDhH2cJNeL195wQ3HXOi1IGGSD5bZGQIBOf+Ky/MCzD56rZ/ pWrE0aads5nc5zuvZXeNf+efLQQfoo1Fia+mlaupYJhYB6fWpGs=
    =qjKq
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)