First Last Prev Next    This bug is not in your last search results.
Bug 25685 - libxslt: Mehrere Lücken (2.4)
libxslt: Mehrere Lücken (2.4)
Status: CLOSED WONTFIX
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.0
Other Linux
: P2 normal (vote)
: UCS 2.4-secX
Assigned To: Security maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-03 17:00 CET by Moritz Muehlenhoff
Modified: 2019-04-11 19:25 CEST (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2012-01-03 17:00:12 CET 
CVE-2011-1202

Die generate-id()-Funktion erlaubt das Auslesen von der Speicheradresse des Objekts. Das kann beispielsweise zum Aushebeln von ASLR führen.
Comment 1 Moritz Muehlenhoff univentionstaff 2012-02-20 17:24:35 CET 
\item Denial of Service durch ungültigen Speicherzugriff (CVE-2011-3970)
Comment 2 Moritz Muehlenhoff univentionstaff 2012-06-27 17:23:16 CEST 
\item Denial of Service im Parsen von DTDs (CVE-2012-2825)
Comment 3 Moritz Muehlenhoff univentionstaff 2012-10-02 14:55:18 CEST 
- Double-Free in der XML-Verarbeitung (CVE-2012-2893)
- Use-after-Free in der Verarbeitung von XPath-Statements (CVE-2012-2870)
- Bufferoverflow bei XSL-Transformationen (CVE-2012-2871)
Comment 4 Moritz Muehlenhoff univentionstaff 2013-03-28 12:08:44 CET 
- Denial of service in XSL transformations (CVE-2012-6139)
Comment 5 Moritz Muehlenhoff univentionstaff 2014-01-02 07:36:16 CET 
The maintenance with bug and security fixes for UCS 2.4-x has ended on the 31st of December 2013. 

Customers still on UCS 2.4-x are encouraged to update to UCS 3.x. Please contact
your partner or Univention for any questions.
First Last Prev Next    This bug is not in your last search results.