Description
This LTSS roll-up security update for libxslt fixes several security issues:
CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (Addendum due to an incomplete fix for CVE-2012-2825.)
CVE-2012-6139: libxslt allowed remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) an uninitialized variable to the xsltDocumentFunction function in functions.c.
CVE-2012-2825: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
CVE-2011-3970: libxslt allowed remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.