Red Hat Product Errata RHSA-2020:4005 - Security Advisory

Issued:: 2020-09-29
Updated:: 2020-09-29

RHSA-2020:4005 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: libxslt security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libxslt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

Security Fix(es):

libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068)
libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1709697 - CVE-2019-11068 libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL
BZ - 1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
libxslt-1.1.28-6.el7.src.rpm	SHA-256: 506c6bbf8f17f01f3845dd0c2fe489aee402f6fef13796b5429a1642b311eac8
x86_64
libxslt-1.1.28-6.el7.i686.rpm	SHA-256: 3b86d868d6a003b8f67c3d687f0b0478fb985df29340501a59c82b92a5132b4e
libxslt-1.1.28-6.el7.x86_64.rpm	SHA-256: ed3ec37460ed09d2ead9117dc16ddaa9747f2aecaedf6c5c496ea1d2fbb03cf2
libxslt-debuginfo-1.1.28-6.el7.i686.rpm	SHA-256: 78a3c9dc02ab7fb7aa362207cf1eadce0b264acf048b240977030c9067b7685e
libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm	SHA-256: 2b1f9c981670c57ff73c1df68fd86469fbd4fbec829928496c1180f62376fed0
libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm	SHA-256: 2b1f9c981670c57ff73c1df68fd86469fbd4fbec829928496c1180f62376fed0
libxslt-devel-1.1.28-6.el7.i686.rpm	SHA-256: 1d606b0e62d9ea18ddab95f6ded531609a582d26d121efacd7206d2db0060209
libxslt-devel-1.1.28-6.el7.x86_64.rpm	SHA-256: 19e252ec5782b014658e19b505c488b81af4a7730b2cc62de68e0e830dbcd3bf
libxslt-python-1.1.28-6.el7.x86_64.rpm	SHA-256: 80063762a338ac676855c7c239b710adaa77039b39bbd283ee1c732dbf406d87

Red Hat Enterprise Linux Workstation 7

SRPM
libxslt-1.1.28-6.el7.src.rpm	SHA-256: 506c6bbf8f17f01f3845dd0c2fe489aee402f6fef13796b5429a1642b311eac8
x86_64
libxslt-1.1.28-6.el7.i686.rpm	SHA-256: 3b86d868d6a003b8f67c3d687f0b0478fb985df29340501a59c82b92a5132b4e
libxslt-1.1.28-6.el7.x86_64.rpm	SHA-256: ed3ec37460ed09d2ead9117dc16ddaa9747f2aecaedf6c5c496ea1d2fbb03cf2
libxslt-debuginfo-1.1.28-6.el7.i686.rpm	SHA-256: 78a3c9dc02ab7fb7aa362207cf1eadce0b264acf048b240977030c9067b7685e
libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm	SHA-256: 2b1f9c981670c57ff73c1df68fd86469fbd4fbec829928496c1180f62376fed0
libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm	SHA-256: 2b1f9c981670c57ff73c1df68fd86469fbd4fbec829928496c1180f62376fed0
libxslt-devel-1.1.28-6.el7.i686.rpm	SHA-256: 1d606b0e62d9ea18ddab95f6ded531609a582d26d121efacd7206d2db0060209
libxslt-devel-1.1.28-6.el7.x86_64.rpm	SHA-256: 19e252ec5782b014658e19b505c488b81af4a7730b2cc62de68e0e830dbcd3bf
libxslt-python-1.1.28-6.el7.x86_64.rpm	SHA-256: 80063762a338ac676855c7c239b710adaa77039b39bbd283ee1c732dbf406d87

Red Hat Enterprise Linux Desktop 7

SRPM
libxslt-1.1.28-6.el7.src.rpm	SHA-256: 506c6bbf8f17f01f3845dd0c2fe489aee402f6fef13796b5429a1642b311eac8
x86_64
libxslt-1.1.28-6.el7.i686.rpm	SHA-256: 3b86d868d6a003b8f67c3d687f0b0478fb985df29340501a59c82b92a5132b4e
libxslt-1.1.28-6.el7.x86_64.rpm	SHA-256: ed3ec37460ed09d2ead9117dc16ddaa9747f2aecaedf6c5c496ea1d2fbb03cf2
libxslt-debuginfo-1.1.28-6.el7.i686.rpm	SHA-256: 78a3c9dc02ab7fb7aa362207cf1eadce0b264acf048b240977030c9067b7685e
libxslt-debuginfo-1.1.28-6.el7.i686.rpm	SHA-256: 78a3c9dc02ab7fb7aa362207cf1eadce0b264acf048b240977030c9067b7685e
libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm	SHA-256: 2b1f9c981670c57ff73c1df68fd86469fbd4fbec829928496c1180f62376fed0
libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm	SHA-256: 2b1f9c981670c57ff73c1df68fd86469fbd4fbec829928496c1180f62376fed0
libxslt-devel-1.1.28-6.el7.i686.rpm	SHA-256: 1d606b0e62d9ea18ddab95f6ded531609a582d26d121efacd7206d2db0060209
libxslt-devel-1.1.28-6.el7.x86_64.rpm	SHA-256: 19e252ec5782b014658e19b505c488b81af4a7730b2cc62de68e0e830dbcd3bf
libxslt-python-1.1.28-6.el7.x86_64.rpm	SHA-256: 80063762a338ac676855c7c239b710adaa77039b39bbd283ee1c732dbf406d87

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libxslt-1.1.28-6.el7.src.rpm	SHA-256: 506c6bbf8f17f01f3845dd0c2fe489aee402f6fef13796b5429a1642b311eac8
s390x
libxslt-1.1.28-6.el7.s390.rpm	SHA-256: f8714380167cc8d179e791d675c7dfcc462050ad2502363910d82d24f5e3d459
libxslt-1.1.28-6.el7.s390x.rpm	SHA-256: afb06e9a4e34e2c0c27ea694bc63ace535f269ffc3b9efc2cd7d71d64f588f06
libxslt-debuginfo-1.1.28-6.el7.s390.rpm	SHA-256: 2f6cce976fe6ec92bddd1ab9aa3d32e94444c4bfffec4a397437aecf762a46bf
libxslt-debuginfo-1.1.28-6.el7.s390x.rpm	SHA-256: 0a89701e03601ed5375ee204b4a3a404eb81f23d7f9c02ba4f4794984e8928fc
libxslt-debuginfo-1.1.28-6.el7.s390x.rpm	SHA-256: 0a89701e03601ed5375ee204b4a3a404eb81f23d7f9c02ba4f4794984e8928fc
libxslt-devel-1.1.28-6.el7.s390.rpm	SHA-256: 6404816112bf54eb761ecbba4ad99dc7741247c57a116263fc8d954c2b4d2b7f
libxslt-devel-1.1.28-6.el7.s390x.rpm	SHA-256: 1aa5ec0a54bb61c9a9357d402813440069da8e89f6c582867f338fcbff2f56a0
libxslt-python-1.1.28-6.el7.s390x.rpm	SHA-256: 6bc98d6a56fc77eb81e07a3466c41030f9d94ce48542da0e624504af16e01fb5

Red Hat Enterprise Linux for Power, big endian 7

SRPM
libxslt-1.1.28-6.el7.src.rpm	SHA-256: 506c6bbf8f17f01f3845dd0c2fe489aee402f6fef13796b5429a1642b311eac8
ppc64
libxslt-1.1.28-6.el7.ppc.rpm	SHA-256: c9338f099d6b97241e35c16d44becb5b280a74208afdcf2bd790446dfe0f07d8
libxslt-1.1.28-6.el7.ppc64.rpm	SHA-256: 41c46e198242a6f34195f664be2ead7ac37ee79ba78ea8e99f33358af6bb98fc
libxslt-debuginfo-1.1.28-6.el7.ppc.rpm	SHA-256: 922636b4d8097505cb743fadb685d82f134b0db7d2d3550f34fb55bded847399
libxslt-debuginfo-1.1.28-6.el7.ppc64.rpm	SHA-256: 9dad28777a4b1b8d26162042721290df739f60251f7d3b44a2838b70ec3c0d6a
libxslt-debuginfo-1.1.28-6.el7.ppc64.rpm	SHA-256: 9dad28777a4b1b8d26162042721290df739f60251f7d3b44a2838b70ec3c0d6a
libxslt-devel-1.1.28-6.el7.ppc.rpm	SHA-256: c9aa7313e83047db8f2360131fbf8cf846808e433331f16bb14e4793dbe0475a
libxslt-devel-1.1.28-6.el7.ppc64.rpm	SHA-256: 2289d95cd8a7460a87fbba45b2dce89b05bbeb5c909fb071e816a8f545a6add6
libxslt-python-1.1.28-6.el7.ppc64.rpm	SHA-256: a2307f35ab7b54c55d007c357f61087c00425b4704f8609e3135ea5173d98432

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
libxslt-1.1.28-6.el7.src.rpm	SHA-256: 506c6bbf8f17f01f3845dd0c2fe489aee402f6fef13796b5429a1642b311eac8
x86_64
libxslt-1.1.28-6.el7.i686.rpm	SHA-256: 3b86d868d6a003b8f67c3d687f0b0478fb985df29340501a59c82b92a5132b4e
libxslt-1.1.28-6.el7.x86_64.rpm	SHA-256: ed3ec37460ed09d2ead9117dc16ddaa9747f2aecaedf6c5c496ea1d2fbb03cf2
libxslt-debuginfo-1.1.28-6.el7.i686.rpm	SHA-256: 78a3c9dc02ab7fb7aa362207cf1eadce0b264acf048b240977030c9067b7685e
libxslt-debuginfo-1.1.28-6.el7.i686.rpm	SHA-256: 78a3c9dc02ab7fb7aa362207cf1eadce0b264acf048b240977030c9067b7685e
libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm	SHA-256: 2b1f9c981670c57ff73c1df68fd86469fbd4fbec829928496c1180f62376fed0
libxslt-debuginfo-1.1.28-6.el7.x86_64.rpm	SHA-256: 2b1f9c981670c57ff73c1df68fd86469fbd4fbec829928496c1180f62376fed0
libxslt-devel-1.1.28-6.el7.i686.rpm	SHA-256: 1d606b0e62d9ea18ddab95f6ded531609a582d26d121efacd7206d2db0060209
libxslt-devel-1.1.28-6.el7.x86_64.rpm	SHA-256: 19e252ec5782b014658e19b505c488b81af4a7730b2cc62de68e0e830dbcd3bf
libxslt-python-1.1.28-6.el7.x86_64.rpm	SHA-256: 80063762a338ac676855c7c239b710adaa77039b39bbd283ee1c732dbf406d87

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libxslt-1.1.28-6.el7.src.rpm	SHA-256: 506c6bbf8f17f01f3845dd0c2fe489aee402f6fef13796b5429a1642b311eac8
ppc64le
libxslt-1.1.28-6.el7.ppc64le.rpm	SHA-256: fa2f6c08ee59e1c22bbe06600d571972de9f4b08c8e871b9e177661eb94426f3
libxslt-debuginfo-1.1.28-6.el7.ppc64le.rpm	SHA-256: 06c0f62f958896c0e972d51749939855004b23e791914f6b07ffd951826104e6
libxslt-debuginfo-1.1.28-6.el7.ppc64le.rpm	SHA-256: 06c0f62f958896c0e972d51749939855004b23e791914f6b07ffd951826104e6
libxslt-devel-1.1.28-6.el7.ppc64le.rpm	SHA-256: 8e71f65f4d72dcfe124c5afcb2608a7afb98080f15c35aa56049c220c6d88929
libxslt-python-1.1.28-6.el7.ppc64le.rpm	SHA-256: c8fc7a0aa5338e8ac948736e87cfc47b816f3e527ad0d2c082c444f73f72c342

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories