From b4a88dc25f1d84a6610917db3f2eb9161c9e1349 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 15 Nov 2015 14:46:33 -0500 Subject: gnu: libxslt: Add fix for CVE-2015-7995. * gnu/packages/patches/libxslt-CVE-2015-7995.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/xml.scm (libxslt)[source]: Add patch. --- gnu/packages/patches/libxslt-CVE-2015-7995.patch | 29 ++++++++++++++++++++++++ gnu/packages/xml.scm | 3 ++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libxslt-CVE-2015-7995.patch (limited to 'gnu') diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch new file mode 100644 index 0000000000..f291d5b387 --- /dev/null +++ b/gnu/packages/patches/libxslt-CVE-2015-7995.patch @@ -0,0 +1,29 @@ +From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Thu, 29 Oct 2015 19:33:23 +0800 +Subject: [PATCH] Fix for type confusion in preprocessing attributes + +CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 +We need to check that the parent node is an element before dereferencing +its namespace +--- + libxslt/preproc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libxslt/preproc.c b/libxslt/preproc.c +index 0eb80a0..7f69325 100644 +--- a/libxslt/preproc.c ++++ b/libxslt/preproc.c +@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) { + } else if (IS_XSLT_NAME(inst, "attribute")) { + xmlNodePtr parent = inst->parent; + +- if ((parent == NULL) || (parent->ns == NULL) || ++ if ((parent == NULL) || ++ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) || + ((parent->ns != inst->ns) && + (!xmlStrEqual(parent->ns->href, inst->ns->href))) || + (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) { +-- +2.6.3 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 90ad521c3d..a296e0ac73 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -150,7 +150,8 @@ (define-public libxslt version ".tar.gz")) (sha256 (base32 - "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz")))) + "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz")) + (patches (list (search-patch "libxslt-CVE-2015-7995.patch"))))) (build-system gnu-build-system) (home-page "http://xmlsoft.org/XSLT/index.html") (synopsis "C library for applying XSLT stylesheets to XML documents") -- cgit v1.2.3