CVE-2012-0057

Priority
Medium
Description
PHP before 5.3.9 has improper libxslt security settings, which allows
remote attackers to create arbitrary files via a crafted XSLT stylesheet
that uses the libxslt output extension.
References
Bugs
Notes
jdstrand> watch out for Debian regression (658087) for DSA-2399-1 in php5-xsl
Assigned-to
sbeattie
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.3.9-1)
Ubuntu 8.04 LTS (Hardy Heron): released (5.2.4-2ubuntu5.22)
Ubuntu 10.04 LTS (Lucid Lynx): released (5.3.2-1ubuntu4.13)
Ubuntu 11.04 (Natty Narwhal): released (5.3.5-1ubuntu7.6)
Ubuntu 11.10 (Oneiric Ocelot): released (5.3.6-13ubuntu3.5)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (5.3.10-1ubuntu1)
Patches:
Upstream: http://svn.php.net/viewvc/?view=revision&revision=317759
Upstream: http://svn.php.net/viewvc/?view=revision&revision=317801
Upstream: http://svn.php.net/viewvc/?view=revision&revision=317953
Vendor: http://www.debian.org/security/2012/dsa-2399
Vendor: http://www.debian.org/security/2012/dsa-2399-2
More Information


Updated: 2012-06-01 15:22:36 UTC (commit 5347)