58541 – libxslt: Multiple issues (5.2)

Bug 58541 - libxslt: Multiple issues (5.2)

Summary: libxslt: Multiple issues (5.2)

Status:	CLOSED FIXED

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 5.2
Hardware:	All Linux

Importance:	P3 normal
Target Milestone:	UCS 5.2-2-errata
Assignee:	Quality Assurance
QA Contact:	Christian Castens

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-08-25 10:17 CEST by Quality Assurance
Modified:	2025-08-27 16:12 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:	7.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H) NVD

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Quality Assurance

2025-08-25 10:17:52 CEST

New Debian libxslt 1.1.35-1+deb12u2 fixes:
This update addresses the following issues:
* libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)  (CVE-2024-55549)
* libxslt: Use-After-Free in libxslt numbers.c (CVE-2025-24855)
* The issue was addressed with improved memory handling. This issue is fixed  in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey  12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web  content may disclose sensitive information. (CVE-2023-40403)
* A flaw was found in the libxslt library. The same memory field, psvi, is  used for both stylesheet and input data, which can lead to type confusion  during XML transformations. This vulnerability allows an attacker to crash  the application or corrupt memory. In some cases, it may lead to denial of  service or unexpected behavior. (CVE-2025-7424)

Comment 1 Quality Assurance

2025-08-25 11:00:14 CEST

--- mirror/ftp/pool/main/libx/libxslt/libxslt_1.1.35-1+deb12u1.dsc
+++ apt/ucs_5.2-0-errata5.2-2/source/libxslt_1.1.35-1+deb12u2.dsc
@@ -1,3 +1,10 @@
+1.1.35-1+deb12u2 [Mon, 18 Aug 2025 01:31:08 +0800] Aron Xu <aron@debian.org>:
+
+  * Fix information disclosure with improved memory handling of generated-id()
+    (Closes: #1108074, CVE-2023-40403)
+  * Fix type confusion in xmlNode.psvi between stylesheet and source nodes
+    (Closes: #1109123, CVE-2025-7424)
+
 1.1.35-1+deb12u1 [Sat, 15 Mar 2025 14:53:42 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload by the Security Team.

<http://piuparts.knut.univention.de/5.2-2/#6383962290219649683>

Comment 2 Christian Castens

2025-08-26 10:37:41 CEST

OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.2-2] 58e4601ac2 Bug #58541: libxslt 1.1.35-1+deb12u2
 doc/errata/staging/libxslt.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

Comment 3 Christian Castens

2025-08-27 16:12:15 CEST

<https://errata.software-univention.de/#/?erratum=5.2x177>