libxslt XSL文件处理缓冲区溢出漏洞
BUGTRAQ ID: 29312 CVE(CAN) ID: CVE-2008-1767 Libxslt是为GNOME项目开发的XSLT C库,XSLT本身是用于定义XML转换的XML语言。 libxslt库在转换XML文档期间使用的固定大小的数组,如果XSL样式表文件中设置了特定的template match条件的话,则使用该库的应用程序在解析文件时会触发缓冲区溢出,导致应用程序崩溃或执行任意指令。 XMLSoft libxslt < 1.1.24 Debian ------ Debian已经为此发布了一个安全公告(DSA-1589-1)以及相应补丁: DSA-1589-1:New libxslt packages fix execution of arbitrary code 链接:<a href=http://www.debian.org/security/2008/dsa-1589 target=_blank>http://www.debian.org/security/2008/dsa-1589</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz</a> Size/MD5 checksum: 2799906 622e5843167593c8ea39bf86c66b8fcf <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.dsc target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.dsc</a> Size/MD5 checksum: 849 27df832e1c58fa0b4ee2fc08ae23eb52 <a...
BUGTRAQ ID: 29312 CVE(CAN) ID: CVE-2008-1767 Libxslt是为GNOME项目开发的XSLT C库,XSLT本身是用于定义XML转换的XML语言。 libxslt库在转换XML文档期间使用的固定大小的数组,如果XSL样式表文件中设置了特定的template match条件的话,则使用该库的应用程序在解析文件时会触发缓冲区溢出,导致应用程序崩溃或执行任意指令。 XMLSoft libxslt < 1.1.24 Debian ------ Debian已经为此发布了一个安全公告(DSA-1589-1)以及相应补丁: DSA-1589-1:New libxslt packages fix execution of arbitrary code 链接:<a href=http://www.debian.org/security/2008/dsa-1589 target=_blank>http://www.debian.org/security/2008/dsa-1589</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz</a> Size/MD5 checksum: 2799906 622e5843167593c8ea39bf86c66b8fcf <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.dsc target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.dsc</a> Size/MD5 checksum: 849 27df832e1c58fa0b4ee2fc08ae23eb52 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.diff.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.diff.gz</a> Size/MD5 checksum: 149924 3135ddae6ed99518ca98cb6dd32f9cf5 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_alpha.deb</a> Size/MD5 checksum: 107220 cb23c0170e99f97ba4a6328b6c15d4e8 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_alpha.deb</a> Size/MD5 checksum: 131268 264ec9a09e6fd46eb6acb82b6e2e458f <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_alpha.deb</a> Size/MD5 checksum: 690048 6af24b16a70e3eda53cf9b01aeb72abe <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_alpha.deb</a> Size/MD5 checksum: 362862 b0bfc373c7b2b029bdecc32fe3c6b393 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_alpha.deb</a> Size/MD5 checksum: 230516 c613baf2799aca2b10f704c72d65f6dd amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_amd64.deb</a> Size/MD5 checksum: 131736 bd359cba79ae664919f1d28bb7ee7bb9 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_amd64.deb</a> Size/MD5 checksum: 630600 9f2ce6f099ad058ddb7756c6bec0ad04 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_amd64.deb</a> Size/MD5 checksum: 225362 6fad243b75ab8773edac788ae83ff0b2 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_amd64.deb</a> Size/MD5 checksum: 106520 86122035aa23a3ac883a90f2ad206cb3 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_amd64.deb</a> Size/MD5 checksum: 360490 43bf746a2e2d510dc2b42bce0ebfe846 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_arm.deb</a> Size/MD5 checksum: 126438 8d9a6a49d04b7b718ea4891090590ebe <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_arm.deb</a> Size/MD5 checksum: 213174 5a22f4ddde902b9e62b320d595c717e4 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_arm.deb</a> Size/MD5 checksum: 106410 fa92dc9b78ddafc576c917dc634850f7 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_arm.deb</a> Size/MD5 checksum: 344476 84490df6ef91ef8d59397efd08141adb <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_arm.deb</a> Size/MD5 checksum: 612866 b755daf391dc131cec3cf5170f7ff3ef hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_hppa.deb</a> Size/MD5 checksum: 132206 246544f21eb977706164148ac110fef4 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_hppa.deb</a> Size/MD5 checksum: 656512 278e6530497e001b7af16b8c97259640 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_hppa.deb</a> Size/MD5 checksum: 107496 3c104b63b086ee54e45796cf8f8f5736 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_hppa.deb</a> Size/MD5 checksum: 238066 ec3a5a9b5ed19d8cea6e207b94960b06 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_hppa.deb</a> Size/MD5 checksum: 359052 99da4dbb694efd07fec538b0dfba57da i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_i386.deb</a> Size/MD5 checksum: 215768 065db1534d256efaa0bdbed1d5bc2efa <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_i386.deb</a> Size/MD5 checksum: 106010 d736922f8f98e3655e0d17c47c182911 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_i386.deb</a> Size/MD5 checksum: 610254 7d2f1de6b328363d404e0167b2c3d0b2 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_i386.deb</a> Size/MD5 checksum: 127542 036211c64911322aad9f5afa3c67a8ce <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_i386.deb</a> Size/MD5 checksum: 350172 fbd79c2f46affc6a6daea73b95c5fe4c ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_ia64.deb</a> Size/MD5 checksum: 110354 a086d9e71e7152286ff25d6c28d1c188 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_ia64.deb</a> Size/MD5 checksum: 688004 a39cdbeb7e2bec2db123baf9fb936141 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_ia64.deb</a> Size/MD5 checksum: 286602 c417da9ebd63d8338401253df1194e01 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_ia64.deb</a> Size/MD5 checksum: 361472 3643ac55a03571fa185c4e0700298e82 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_ia64.deb</a> Size/MD5 checksum: 135176 9cdb256571bf9606ed56840a1e88ddb4 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mips.deb</a> Size/MD5 checksum: 106622 5f3f9bff564736decdac2c69983211a0 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mips.deb</a> Size/MD5 checksum: 213366 128a0294b6a09059fedb618371ec9d09 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mips.deb</a> Size/MD5 checksum: 650424 55eab53a1978e3e2a7c1f7dbd68fc04c <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mips.deb</a> Size/MD5 checksum: 128934 3d52f0f986dd862e8119eabeca944e35 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mips.deb</a> Size/MD5 checksum: 371998 8f2ea540fd91ca75559d8589c8855de7 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mipsel.deb</a> Size/MD5 checksum: 213564 c405f7eef65b01491758e64551b7977f <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mipsel.deb</a> Size/MD5 checksum: 624640 9d2b59c3820eb9c99671399f967e0f3e <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mipsel.deb</a> Size/MD5 checksum: 363788 09bdf35805a2de68a4d1dfe15c28dcfc <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mipsel.deb</a> Size/MD5 checksum: 106668 2633adeeddc2edc4e36e45a7e4e92c2f <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mipsel.deb</a> Size/MD5 checksum: 128564 c768001b8441118205f9f513af83e485 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_powerpc.deb</a> Size/MD5 checksum: 611678 3d3acc7b7be03bd0bb2e31dcadf05720 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_powerpc.deb</a> Size/MD5 checksum: 365012 94f6735cc42e233a67fd46df084120ee <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_powerpc.deb</a> Size/MD5 checksum: 108104 bca54d59be466884a5cfde0532a324df <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_powerpc.deb</a> Size/MD5 checksum: 222790 12aef46d1088d93375ab824b73702bc2 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_powerpc.deb</a> Size/MD5 checksum: 130124 37bb5353c81ed15374acc7305cc54839 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_s390.deb</a> Size/MD5 checksum: 106798 0a96df71e63deb7d7124aab48152a5df <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_s390.deb</a> Size/MD5 checksum: 131712 89e70e2d2fadd7b7ec9268d907a62d29 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_s390.deb</a> Size/MD5 checksum: 226596 751b28fafff17f6fcb8b2f4c0df370c0 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_s390.deb</a> Size/MD5 checksum: 601572 85051174031d0ff2c22fb87d1ab759c0 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_s390.deb</a> Size/MD5 checksum: 357722 661c9551483bf52573e52646aaa13b60 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_sparc.deb</a> Size/MD5 checksum: 106330 e6c23ad0752b3c7c22857c935befb984 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_sparc.deb</a> Size/MD5 checksum: 129134 e6c3f1402576da329d515d9411f7fd53 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_sparc.deb</a> Size/MD5 checksum: 217862 2ce2c27d8de0dc78ee4162b9664f7144 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_sparc.deb</a> Size/MD5 checksum: 598868 0acf342e57619d34685f76b879da8891 <a href=http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_sparc.deb</a> Size/MD5 checksum: 335962 947c59cd2f23b55b897ded3b31ccc1a6 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:0287-01)以及相应补丁: RHSA-2008:0287-01:Important: libxslt security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0287.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0287.html</a> XMLSoft ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://bugzilla.gnome.org/attachment.cgi?id=109216&action=view target=_blank>http://bugzilla.gnome.org/attachment.cgi?id=109216&action=view</a> <a href=http://svn.gnome.org/viewvc/libxslt/trunk/libxslt/pattern.c?r1=1469&r2=1468&pathrev=1469 target=_blank>http://svn.gnome.org/viewvc/libxslt/trunk/libxslt/pattern.c?r1=1469&r2=1468&pathrev=1469</a>
漏洞利用/PoC
受影响的平台与产品
消息提示
- 添加资源
- 收藏资源
- 问题反馈
贡献用户
- 暂无贡献用户
相关漏洞清单
- 暂无相关漏洞