CVE-2012-2893
Published: 26 September 2012
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
Notes
Author | Note |
---|---|
seth-arnold | confirmed Revision 154331 code exists in libxslt standalone package in 12.04 LTS |
jdstrand | mdeslaur provided the update for libxslt |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser | hardy | Does not exist |
chromium-browser | lucid | Released (3.0.1271.97-0ubuntu0.10.04.1) |
chromium-browser | natty | Ignored (end of life) |
chromium-browser | oneiric | Released (3.0.1271.97-0ubuntu0.11.10.1) |
chromium-browser | precise | Released (3.0.1271.97-0ubuntu0.12.04.1) |
chromium-browser | quantal | Released (3.0.1271.97-0ubuntu0.12.10.1) |
chromium-browser | upstream | Released (22.0.1229.79) |
libxslt | hardy | Released (1.1.22-1ubuntu1.3) |
libxslt | lucid | Released (1.1.26-1ubuntu1.1) |
libxslt | natty | Released (1.1.26-6ubuntu0.1) |
libxslt | oneiric | Released (1.1.26-7ubuntu0.1) |
libxslt | precise | Released (1.1.26-8ubuntu1.2) |
libxslt | quantal | Not vulnerable (1.1.26-14) |
libxslt | upstream | Needs triage |

Patches: upstream: http://git.gnome.org/browse/libxslt/commit/?id=54977ed7966847e305a2008cb18892df26eeb065
References
- https://src.chromium.org/viewvc/chrome?view=rev&revision=154331
- https://chromiumcodereview.appspot.com/10919019
- http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556
- https://code.google.com/p/chromium/issues/detail?id=144799
- http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
- https://rhn.redhat.com/errata/RHSA-2012-1265.html
- https://ubuntu.com/security/notices/USN-1595-1
- https://www.cve.org/CVERecord?id=CVE-2012-2893
- NVD
- Launchpad
- Debian