SB2015121003 - Input validation error in libxslt (Alpine package)
Published: December 10, 2015
Security Bulletin ID: SB2015121003
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2015-7995)
The vulnerability allows attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service via a crafted XML file, related to a "type confusion" issue.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=350f2ab57a98bbb9c39fab9a6cf93d24efe3e60c
- https://git.alpinelinux.org/aports/commit/?id=3d0d39b746da41860bae7ee73adc0905db8f15a1
- https://git.alpinelinux.org/aports/commit/?id=53a6471c2f410e8e4449777370a260ea5c42b4fe
- https://git.alpinelinux.org/aports/commit/?id=548fc94822fbd33d05658f4a62c677f9dbe34d89
- https://git.alpinelinux.org/aports/commit/?id=c1f80a9e308e55bc01e088fb61e0e2b93026e1d5
- https://git.alpinelinux.org/aports/commit/?id=0a242b5fbfe6b94ca5889748f308fe80a494bb96