ELA-145-1 libxslt security update

memory corruption

2019-07-20
Packagelibxslt
Version1.1.26-14.1+deb7u6
Related CVEs CVE-2016-4609 CVE-2016-4610


CVE-2016-4610

Invalid memory access leading to DoS at exsltDynMapFunction. libxslt allows
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via unknown vectors.

CVE-2016-4609

Out-of-bounds read at xmlGetLineNoInternal()
libxslt allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown vectors.


For Debian 7 Wheezy, these problems have been fixed in version 1.1.26-14.1+deb7u6.

We recommend that you upgrade your libxslt packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.