
Updated libxslt packages have been released for Debian GNU/Linux 8 LTS



Package : libxslt
Version : 1.1.28-2+deb8u4
CVE ID : CVE-2019-11068
Debian Bug : #926895

It was discovered that there was an authentication bypass
vulnerability in libxslt, a widely-used library for transforming
files from XML to other arbitrary formats.

The xsltCheckRead and xsltCheckWrite routines permitted access upon
receiving a -1 error code and (as xsltCheckRead returned -1 for a
specially-crafted URL that is not actually invalid) the attacker was
subsequently authenticated.
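
The failure mode described above, shown as an added C example that is not libxslt's code: a check with three outcomes (allow, deny, error) and two callers, one that blocks only on an explicit deny and one that blocks on anything other than allow. The names check_read, may_load_fail_open and may_load_fail_closed are hypothetical, and the parsing rule, policy and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state security check:
 *   1 = allowed, 0 = denied by policy, -1 = the check itself failed. */
static int check_read(const char *url) {
    if (url == NULL || strstr(url, "://") == NULL)
        return -1;                  /* constructed rule: cannot parse, no verdict */
    if (strncmp(url, "file://", 7) == 0)
        return 0;                   /* constructed policy: local files are denied */
    return 1;
}

/* Fail-open caller: only an explicit 0 blocks, so a -1 error
 * falls through and the resource is treated as permitted. */
int may_load_fail_open(const char *url) {
    int res = check_read(url);
    if (res == 0)
        return 0;
    return 1;
}

/* Fail-closed caller: an error is handled the same way as a denial. */
int may_load_fail_closed(const char *url) {
    int res = check_read(url);
    if (res <= 0)
        return 0;
    return 1;
}

int main(void) {
    /* Constructed sample inputs: allowed, denied, and unparsable. */
    const char *samples[] = {
        "http://example.org/a.xml",
        "file:///etc/hostname",
        "not a url",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s fail-open=%d fail-closed=%d\n", samples[i],
               may_load_fail_open(samples[i]),
               may_load_fail_closed(samples[i]));
    return 0;
}
```
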

For Debian 8 "Jessie", this issue has been fixed in libxslt version
1.1.28-2+deb8u4.

We recommend that you upgrade your libxslt packages.