ALT-PU-2019-3146-1
Closed vulnerabilities
Published: 2019-02-15
BDU:2019-04263
Уязвимость XSLT C библиотеки libxslt, связанная с недостатками контроля доступа, позволяющая нарушителю обойти механизмы защиты и осуществить XXE-атаку
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-07-10
BDU:2020-00859
Уязвимость функции xsltNumberFormatInsertNumbers библиотеки libxslt, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2019-01-02
BDU:2020-00861
Уязвимость функции xsltNumberFormatDecimal библиотеки libxslt, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2019-04-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11068
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:1433
- openSUSE-SU-2019:1433
- openSUSE-SU-2019:1428
- openSUSE-SU-2019:1428
- openSUSE-SU-2019:1430
- openSUSE-SU-2019:1430
- openSUSE-SU-2019:1527
- openSUSE-SU-2019:1527
- openSUSE-SU-2019:1824
- openSUSE-SU-2019:1824
- [oss-security] 20190422 Nokogiri security update v1.10.3
- [oss-security] 20190422 Nokogiri security update v1.10.3
- [oss-security] 20190423 Re: Nokogiri security update v1.10.3
- [oss-security] 20190423 Re: Nokogiri security update v1.10.3
- https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
- https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
- [debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update
- [debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update
- FEDORA-2019-e21c77ffae
- FEDORA-2019-e21c77ffae
- FEDORA-2019-e74d639587
- FEDORA-2019-e74d639587
- FEDORA-2019-320d5295fc
- FEDORA-2019-320d5295fc
- https://security.netapp.com/advisory/ntap-20191017-0001/
- https://security.netapp.com/advisory/ntap-20191017-0001/
- USN-3947-1
- USN-3947-1
- USN-3947-2
- USN-3947-2
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Published: 2019-07-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-13117
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
- openSUSE-SU-2020:0731
- openSUSE-SU-2020:0731
- [oss-security] 20191117 Nokogiri security update v1.10.5
- [oss-security] 20191117 Nokogiri security update v1.10.5
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
- https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
- https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update
- [debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update
- FEDORA-2019-fdf6ec39b4
- FEDORA-2019-fdf6ec39b4
- https://oss-fuzz.com/testcase-detail/5631739747106816
- https://oss-fuzz.com/testcase-detail/5631739747106816
- https://security.netapp.com/advisory/ntap-20190806-0004/
- https://security.netapp.com/advisory/ntap-20190806-0004/
- https://security.netapp.com/advisory/ntap-20200122-0003/
- https://security.netapp.com/advisory/ntap-20200122-0003/
- USN-4164-1
- USN-4164-1
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
Published: 2019-07-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
- openSUSE-SU-2020:0731
- openSUSE-SU-2020:0731
- 20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
- 20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
- 20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4
- 20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4
- 20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4
- 20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4
- 20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
- 20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
- 20190723 APPLE-SA-2019-7-22-1 iOS 12.4
- 20190723 APPLE-SA-2019-7-22-1 iOS 12.4
- 20190723 APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190723 APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190723 APPLE-SA-2019-7-22-5 tvOS 12.4
- 20190723 APPLE-SA-2019-7-22-5 tvOS 12.4
- 20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6
- 20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6
- 20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13
- 20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13
- 20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6
- 20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6
- [oss-security] 20191117 Nokogiri security update v1.10.5
- [oss-security] 20191117 Nokogiri security update v1.10.5
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
- https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
- https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update
- [debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update
- FEDORA-2019-fdf6ec39b4
- FEDORA-2019-fdf6ec39b4
- https://oss-fuzz.com/testcase-detail/5197371471822848
- https://oss-fuzz.com/testcase-detail/5197371471822848
- 20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
- 20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
- 20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4
- 20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4
- 20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4
- 20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4
- 20190723 APPLE-SA-2019-7-22-1 iOS 12.4
- 20190723 APPLE-SA-2019-7-22-1 iOS 12.4
- 20190723 APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190723 APPLE-SA-2019-7-22-4 watchOS 5.3
- 20190723 APPLE-SA-2019-7-22-5 tvOS 12.4
- 20190723 APPLE-SA-2019-7-22-5 tvOS 12.4
- 20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6
- 20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6
- 20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13
- 20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13
- 20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6
- 20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6
- https://security.netapp.com/advisory/ntap-20190806-0004/
- https://security.netapp.com/advisory/ntap-20190806-0004/
- https://security.netapp.com/advisory/ntap-20200122-0003/
- https://security.netapp.com/advisory/ntap-20200122-0003/
- https://support.apple.com/kb/HT210346
- https://support.apple.com/kb/HT210346
- https://support.apple.com/kb/HT210348
- https://support.apple.com/kb/HT210348
- https://support.apple.com/kb/HT210351
- https://support.apple.com/kb/HT210351
- https://support.apple.com/kb/HT210353
- https://support.apple.com/kb/HT210353
- https://support.apple.com/kb/HT210356
- https://support.apple.com/kb/HT210356
- https://support.apple.com/kb/HT210357
- https://support.apple.com/kb/HT210357
- https://support.apple.com/kb/HT210358
- https://support.apple.com/kb/HT210358
- USN-4164-1
- USN-4164-1
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html