CVE-2016-4738 in Ubuntu

CVE-2016-4738

Priority

Description

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
watchOS before 3 allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption) via a crafted web site.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
https://support.apple.com/HT207141
https://support.apple.com/HT207142
https://support.apple.com/HT207143
https://support.apple.com/HT207170
https://ubuntu.com/security/notices/USN-3271-1

Bugs

https://bugs.chromium.org/p/chromium/issues/detail?id=619006

Notes

sbeattie

PoC in the chromium bug

Package

Source: libxslt (LP Ubuntu Debian)

Upstream:	released (1.1.29-2)
Ubuntu 16.04 ESM:	released (1.1.28-2.1ubuntu0.1)
Ubuntu 14.04 ESM:	released (1.1.28-2ubuntu0.1)

Patches:

Upstream:

https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880

More Information

Updated: 2022-04-13 12:22:27 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)