ELA-185-1 libxslt security update

information disclosure

2019-10-27
Packagelibxslt
Version1.1.26-14.1+deb7u7
Related CVE CVE-2019-18197

A security vulnerability was discovered in libxslt, a XSLT 1.0 processing library written in C.

In xsltCopyText in transform.c, a pointer variable is not reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

For Debian 7 Wheezy, these problems have been fixed in version 1.1.26-14.1+deb7u7.

We recommend that you upgrade your libxslt packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/