[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4089-1] libxslt security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4089-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 24, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libxslt
Version        : 1.1.34-4+deb11u2
CVE ID         : CVE-2024-55549 CVE-2025-24855
Debian Bug     : 1100565 1100566

Two use-after-free vulnerabilities have been fixed in the XSLT 
processing library libxslt.

CVE-2024-55549

    Use-after-free related to excluded namespaces

CVE-2025-24855

    Use-after-free of XPath context node

For Debian 11 bullseye, these problems have been fixed in version
1.1.34-4+deb11u2.

We recommend that you upgrade your libxslt packages.

For the detailed security status of libxslt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxslt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmfhMCkACgkQiNJCh6LY
mLFVOA/9HzyjNx8SS9B86oqDR7ui76EAnwrLpDycRTMLKSkrdRNL45gqPNnw9EYh
uOxSunZUyQqajLyuyNPTBBTBgPcuaN1i5+43groSvyq0JN8NVQV3A7rntjjk2U7f
iCcaRgL8+Ah3qkMIogtr1N1Ko3Uy6x0HqCaVKQ9AErxl3Xx2Obd3a4K8dv9b01Wo
YFltnQ+eJ52ZcxQVSnPDDLR2dumDnv+I6VPzN+zPWbOkAoL/qO5Nn7wPyRgCRaZx
fDfZln7cr0oCiQik/972eSSBW+nmTWfDles0txzpJ2MytebXCbYJ24k2rribXag7
RjhjV89nnpX10UfH3lFusBHC6ixXZaFwRC3ZuriQ39VY2wh6yWSSJKxd/C09wg3p
7EbDH93agyss9FT8+uRIqy7R7EcQJ/KPyWP6NemF+ztRATKK97H8A2QzGJBfsr3V
kBl68Tc2Y3mEqzYzsZ7ZquD+YdBFpvRMdM43T0nTL0i/9rkjMvIUiJ0LyM5SLI2Z
7T5zAtHW/8iX51cVYa6qyGcVh0AFUJjLD39r6QdgYjsysP7phgvLDdPLdrmGOmJk
Yvc6uvaSduPTHJ8obGbxbQHY7n2EuePI9hRLAmPhr4ICbPk/TIc9hEb+Fre/UxOM
uIUjkWSVBdgz7SyJBoJuiqJvOvT3c+3njo18lnfzq2MuSUvVFms=
=PMX1
-----END PGP SIGNATURE-----


Reply to: