[SECURITY] [DLA 4089-1] libxslt security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4089-1] libxslt security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 24 Mar 2025 12:12:57 +0200
Message-id: <[🔎] Z+EwKRXaGTnfN++j@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4089-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 24, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libxslt
Version        : 1.1.34-4+deb11u2
CVE ID         : CVE-2024-55549 CVE-2025-24855
Debian Bug     : 1100565 1100566

Two use-after-free vulnerabilities have been fixed in the XSLT 
processing library libxslt.

CVE-2024-55549

    Use-after-free related to excluded namespaces

CVE-2025-24855

    Use-after-free of XPath context node

For Debian 11 bullseye, these problems have been fixed in version
1.1.34-4+deb11u2.

We recommend that you upgrade your libxslt packages.

For the detailed security status of libxslt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxslt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmfhMCkACgkQiNJCh6LY
mLFVOA/9HzyjNx8SS9B86oqDR7ui76EAnwrLpDycRTMLKSkrdRNL45gqPNnw9EYh
uOxSunZUyQqajLyuyNPTBBTBgPcuaN1i5+43groSvyq0JN8NVQV3A7rntjjk2U7f
iCcaRgL8+Ah3qkMIogtr1N1Ko3Uy6x0HqCaVKQ9AErxl3Xx2Obd3a4K8dv9b01Wo
YFltnQ+eJ52ZcxQVSnPDDLR2dumDnv+I6VPzN+zPWbOkAoL/qO5Nn7wPyRgCRaZx
fDfZln7cr0oCiQik/972eSSBW+nmTWfDles0txzpJ2MytebXCbYJ24k2rribXag7
RjhjV89nnpX10UfH3lFusBHC6ixXZaFwRC3ZuriQ39VY2wh6yWSSJKxd/C09wg3p
7EbDH93agyss9FT8+uRIqy7R7EcQJ/KPyWP6NemF+ztRATKK97H8A2QzGJBfsr3V
kBl68Tc2Y3mEqzYzsZ7ZquD+YdBFpvRMdM43T0nTL0i/9rkjMvIUiJ0LyM5SLI2Z
7T5zAtHW/8iX51cVYa6qyGcVh0AFUJjLD39r6QdgYjsysP7phgvLDdPLdrmGOmJk
Yvc6uvaSduPTHJ8obGbxbQHY7n2EuePI9hRLAmPhr4ICbPk/TIc9hEb+Fre/UxOM
uIUjkWSVBdgz7SyJBoJuiqJvOvT3c+3njo18lnfzq2MuSUvVFms=
=PMX1
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4088-1] php7.4 security update
Next by Date: [SECURITY] [DLA 4090-1] ruby-rack security update
Previous by thread: [SECURITY] [DLA 4088-1] php7.4 security update
Next by thread: [SECURITY] [DLA 4090-1] ruby-rack security update
Index(es):
- Date
- Thread