CVE-2011-1425

Description

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Affected products

• aleksey / xml_security_library1.2.16
• aleksey / xml_security_library0.0.1 – 0.0.1
• aleksey / xml_security_library0.0.2 – 0.0.2
• aleksey / xml_security_library0.0.2a – 0.0.2a
• aleksey / xml_security_library0.0.3 – 0.0.3
• aleksey / xml_security_library0.0.4 – 0.0.4
• aleksey / xml_security_library0.0.5 – 0.0.5
• aleksey / xml_security_library0.0.6 – 0.0.6
• aleksey / xml_security_library0.0.7 – 0.0.7
• aleksey / xml_security_library0.0.8 – 0.0.8
• aleksey / xml_security_library0.0.9 – 0.0.9
• aleksey / xml_security_library0.0.10 – 0.0.10
• aleksey / xml_security_library0.0.11 – 0.0.11
• aleksey / xml_security_library0.0.12 – 0.0.12
• aleksey / xml_security_library0.0.13 – 0.0.13
• aleksey / xml_security_library0.0.14 – 0.0.14
• aleksey / xml_security_library0.0.15 – 0.0.15
• aleksey / xml_security_library0.1.0 – 0.1.0
• aleksey / xml_security_library0.1.1 – 0.1.1
• aleksey / xml_security_library1.0.0 – 1.0.0
• aleksey / xml_security_library1.0.0 – 1.0.0
• aleksey / xml_security_library1.0.1 – 1.0.1
• aleksey / xml_security_library1.0.2 – 1.0.2
• aleksey / xml_security_library1.0.3 – 1.0.3
• aleksey / xml_security_library1.0.4 – 1.0.4
• aleksey / xml_security_library1.1.0 – 1.1.0
• aleksey / xml_security_library1.1.1 – 1.1.1
• aleksey / xml_security_library1.1.2 – 1.1.2
• aleksey / xml_security_library1.2.0 – 1.2.0
• aleksey / xml_security_library1.2.1 – 1.2.1
• aleksey / xml_security_library1.2.2 – 1.2.2
• aleksey / xml_security_library1.2.3 – 1.2.3
• aleksey / xml_security_library1.2.4 – 1.2.4
• aleksey / xml_security_library1.2.5 – 1.2.5
• aleksey / xml_security_library1.2.6 – 1.2.6
• aleksey / xml_security_library1.2.7 – 1.2.7
• aleksey / xml_security_library1.2.8 – 1.2.8
• aleksey / xml_security_library1.2.9 – 1.2.9
• aleksey / xml_security_library1.2.10 – 1.2.10
• aleksey / xml_security_library1.2.11 – 1.2.11
• aleksey / xml_security_library1.2.13 – 1.2.13
• aleksey / xml_security_library1.2.14 – 1.2.14
• aleksey / xml_security_library1.2.15 – 1.2.15
• Apple / webkit

References

• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=692133
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0855
• MISChttp://www.securitytracker.com/id?1025284
• VENDOR_ADVISORYhttp://www.debian.org/security/2011/dsa-2219
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:063
• MISChttp://www.securityfocus.com/bid/47135
• MISChttp://trac.webkit.org/changeset/79159
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/1010
• MISChttp://www.aleksey.com/pipermail/xmlsec/2011/009120.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/44423
• MISChttp://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
• MISChttp://www.redhat.com/support/errata/RHSA-2011-0486.html
• MISChttp://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/1172
• VENDOR_ADVISORYhttp://secunia.com/advisories/44167
• VENDOR_ADVISORYhttp://secunia.com/advisories/43920
• MISChttps://bugs.webkit.org/show_bug.cgi?id=52688
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0858
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/66506