Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-7995

Published: 17 November 2015

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

Notes

AuthorNote
sbeattie
reproducer in Red Hat bug

Priority

Low

Status

Package Release Status
libxslt
Launchpad, Ubuntu, Debian
precise
Released (1.1.26-8ubuntu1.4)
trusty
Released (1.1.28-2ubuntu0.1)
upstream
Released (1.1.29)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Not vulnerable
(1.1.28-2.1)
yakkety Not vulnerable
(1.1.28-2.1)
zesty Not vulnerable
(1.1.28-2.1)
Patches:
upstream: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617