Sicherheit: Preisgabe von Informationen in Libxslt


ID:	USN-3947-1

Distribution:	Ubuntu

Plattformen:	Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10

Datum:	Mo, 15. April 2019, 22:53

Referenzen:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068

Applikationen:	The XSLT C library for GNOME

Originalnachricht
--===============2037635799397161895== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-Q5zvSxg7Jl4cc8ENKlo9" --=-Q5zvSxg7Jl4cc8ENKlo9 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-3947-1 April 15, 2019 libxslt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Libxslt could be made to expose sensitive information if it received a specially crafted file. Software Description: - libxslt: XSLT processing library Details: It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libxslt1.1 1.1.32-2ubuntu0.1 Ubuntu 18.04 LTS: libxslt1.1 1.1.29-5ubuntu0.1 Ubuntu 16.04 LTS: libxslt1.1 1.1.28-2.1ubuntu0.2 Ubuntu 14.04 LTS: libxslt1.1 1.1.28-2ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3947-1 CVE-2019-11068 Package Information: https://launchpad.net/ubuntu/+source/libxslt/1.1.32-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.29-5ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2.1ubuntu0.2 https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2ubuntu0.2 --=-Q5zvSxg7Jl4cc8ENKlo9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCAAGBQJctNQAAAoJEEW851uECx9p4K4P/jeusIUWc/VRxdhr0TpGdjQA Ud5jeKW3V/wUHnlGp09TkpnVt2+FLCV0eaiaSoxQJrDc/TQYOsPoSYae4Y4U6qxy VGss7ZuXMVci+dIyCsrBNzj2w6XLPgUU0RCpq+UWT0eeD5O9we6U9sRPoNkeEs9E feInXsnIo/qAIt1v705XXOewUwhPcszottp1MJc1KnQ4W7Kmpg6UFd9GvlOJXbZN RPlobblrvzgZucwh9YFHt7eZcK5NYzclzuG9XkgJv34LR1mdVvbPSsdvm792KWjH eXp5bwsuxnvwjgspFzJsxLN5q6MVewslHoqTWiBO3voP+ZcyM8+I1+63sth5tAv5 Kzoc6hnoODg9xB8eHqz37TkuTOePkUbeRPXXO2A1Pjy+OtfDUOVdm23YJlxBnLf6 Cpz0cPjfFKByEgfpBXWRXnUHz6kn7s7fZOS/E2h1yaRkmwZfy71IejY4I1Mrj+WM g+TsXbIdqOYBr9UVWhgY46xkc2kKOtk2e2cKSDjqkHPs7qCRLkKFCtw0pBV9TAPS BjfVG+67Ddy0eOnYKDYKK2htLAnmD/iCBOX97BcBX8Zxe79su/7BBqQH1u6iTeXs wSpLXYYOGmmqz/ByWN4uMrV4+y25stwl8K0mWvY6rNwxWJTLY7DobUm4nWlDpZaa VTxb7eC//xKUGsLIxGc8 =nKov -----END PGP SIGNATURE----- --=-Q5zvSxg7Jl4cc8ENKlo9-- --===============2037635799397161895== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK --===============2037635799397161895==--