Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2212)

Information

Severity

Severity

Medium

Family

Family

Huawei EulerOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.1

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

4 years ago

Modified

Modified

4 years ago

Summary

The remote host is missing an update for the Huawei EulerOS 'libxslt' package(s) announced via the EulerOS-SA-2019-2212 advisory.

Insight

Insight

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995) numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683) numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)

Affected Software

Affected Software

'libxslt' package(s) on Huawei EulerOS V2.0SP5.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

Please install the updated package(s).

Common Vulnerabilities and Exposures (CVE)