MDVSA-2014:006 -- Mandriva libxsltID: oval:org.secpod.oval:def:1300269 | Date: (C)2014-01-24 (M)2023-11-10 |
Class: PATCH | Family: unix |
A vulnerability has been discovered and corrected in ejabberd: xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825 . The updated packages have been patched to correct this issue.
Platform: |
Mandriva Enterprise Server 5.2 |