it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5884-1] libxslt security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5884-1] libxslt security update
Date: Sun, 23 Mar 2025 13:57:10 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/E1twLp8-000CHD-QS AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=M7eB0Fg7i8HeNaqecBuWnR6vmfc0bAlUq/LQWYfHKZU=; b=Ue UfGV+Sgw5D5cPcyLFpqtWAcRIrAn7ki632XBmoCSBKq15d4O78Ji6IcGMLK6fWJQB94ymZlHPrHUG o/oY9tk12YL+oyZ8ay9mHQqixr2LMXS0iWpidoUZfVs07hoVxo31d7F5sm7VaigfCB318hgIDHCWF XKtnoLOWlYKSPWKN9VvAmGrkg0qYsRL8rHK3VjxJUW78wiAoEF7WmLzbAYjDf3xtpIkB7kluqEdvt fhGBHjeSKQCRsDKvZiFpAHcd/b1yq3B154HCFG1iqxblTiHPeo1m5J64C8RPhfH4TNoWRR5JN5/z/ iPLBdf21HNoycORz7BTUO6IxRCSufEWQ==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Sun, 23 Mar 2025 13:57:31 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <BfMvA3l-A_B.A.iohH.LNB4nB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5884-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 23, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxslt
CVE ID : CVE-2024-55549 CVE-2025-24855
Debian Bug : 1100565 1100566

Ivan Fratric discovered two use-after-free vulnerabilities in libxslt,
an XSLT processing runtime library, which may result in the execution of
arbitrary code if a specially crafted files are processed.

For the stable distribution (bookworm), these problems have been fixed in
version 1.1.35-1+deb12u1.

We recommend that you upgrade your libxslt packages.

For the detailed security status of libxslt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libxslt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfgEtdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Ti5g/+JD0tgbozRtMeu350/gfB1L3SNy5AW/CcPHeWiF/9V6xPBh3uBfiNg6lQ
/iapOsRaCzJoxjO5ZNcn+ilduKo2ZJEa3ctoP3Mx0rUXXcfLvnZ9pl+iQ5+KNvDQ
BIWG9osDcVewQ+6Ue6XRUuPZTf6ETH3EyGCK3yltPFjXf7D197MWhSCcabxZxEPs
akyeiVTJx2NcTDayg4hEc3nYEw5iFRwGoBRRcohb57HtdThJNPzNGK3emW5Q5G75
TfEAL2mE40j0O88lbA9acElxLdcHt2bTrkrpSk95mVeXROh3r/qrsP9vh+fG85PR
v/C7UsygxoORoH565JEROmiHbt2DmONVvWLHTqKvEWG98F3E/yMroICva01jKMpa
7lqRXPXfmDCOvO79YoenEs1qofYxuCsx1p4lDLwBDVHCyyBl1uLcliDZ8oIzNEAk
qppEtNZM/C4I5DgJOFYwk6eJt5HAdgzNzV2qqF21JvX/wHPJlWZa/BFNIL0Tp6kF
u9aYVMvVRKVmawSWypgvAGFmvtgfImWZFfy4HqW2FsKGNbL+0Ppqtu/AKKwxN+/v
UT3n817pm8uR5te9VDhH2cJNeL195wQ3HXOi1IGGSD5bZGQIBOf+Ky/MCzD56rZ/
pWrE0aads5nc5zuvZXeNf+efLQQfoo1Fia+mlaupYJhYB6fWpGs=
=qjKq
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5884-1] libxslt security update, Salvatore Bonaccorso, 23.03.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.