Launchpad.net

CVE 2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

Related bugs and status

CVE-2019-11068 (Candidate) is related to these bugs:

Bug #1906470: CVE-2019-11068: libxslt: bypass of protection mechanism

Summary				In	Importance	Status
	1906470	CVE-2019-11068: libxslt: bypass of protection mechanism		StarlingX	High	Fix Released

Bug #1906471: CVE-2019-17006: nss: crypto primitives missing length checks

Summary				In	Importance	Status
	1906471	CVE-2019-17006: nss: crypto primitives missing length checks		StarlingX	High	Fix Released

Bug #1908088: stx-tools: yum fails in Docker with misleading error messages

Summary				In	Importance	Status
	1908088	stx-tools: yum fails in Docker with misleading error messages		StarlingX	Low	Fix Released

Bug #1908297: populate_downloads.sh doesn't clean/backup old content

Summary				In	Importance	Status
	1908297	populate_downloads.sh doesn't clean/backup old content		StarlingX	Low	Fix Released

Bug #1908751: mirror-check.sh failes for layered build

Summary				In	Importance	Status
	1908751	mirror-check.sh failes for layered build		StarlingX	Low	Triaged

Bug #1910130: Build of 'compile' layer fails due to missing python3 dependencies

Summary				In	Importance	Status
	1910130	Build of 'compile' layer fails due to missing python3 dependencies		StarlingX	Critical	Fix Released

Bug #1912139: CVE-2018-19519: tcpdump: a stack-based buffer over-read

Summary				In	Importance	Status
	1912139	CVE-2018-19519: tcpdump: a stack-based buffer over-read		StarlingX	Medium	Fix Released

Bug #1912682: tools: Dockerfile: yum install silently ignores errors

Summary				In	Importance	Status
	1912682	tools: Dockerfile: yum install silently ignores errors		StarlingX	Low	Fix Released

Bug #1915050: IPv6: All hosts remain offline after booting off the controller-0

Summary				In	Importance	Status
	1915050	IPv6: All hosts remain offline after booting off the controller-0		StarlingX	Critical	Fix Released

Bug #1917901: tb.sh create fails on rmdir /var/lib/mock

Summary				In	Importance	Status
	1917901	tb.sh create fails on rmdir /var/lib/mock		StarlingX	High	Fix Released

Bug #1918154: CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow

Summary				In	Importance	Status
	1918154	CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow		StarlingX	High	Fix Released

Bug #1918477: download_mirror.sh is slow

Summary				In	Importance	Status
	1918477	download_mirror.sh is slow		StarlingX	High	Fix Released

Bug #1920024: linuxsoft.cern.ch is no longer responding

Summary				In	Importance	Status
	1920024	linuxsoft.cern.ch is no longer responding		StarlingX	High	Fix Released

Bug #1923458: basearch not always set

Summary				In	Importance	Status
	1923458	basearch not always set		StarlingX	Medium	Fix Released

Bug #1924691: systemd sends tons of useless PropertiesChanged messages when a mount happens

Summary				In	Importance	Status
	1924691	systemd sends tons of useless PropertiesChanged messages when a mount happens		StarlingX	Medium	Fix Released

Bug #1926372: CVE-2021-26937 screen segfault

Summary				In	Importance	Status
	1926372	CVE-2021-26937 screen segfault		StarlingX	High	Fix Released

Bug #1926987: Download_mirror.sh fails on 'flockflock'

Summary				In	Importance	Status
	1926987	Download_mirror.sh fails on 'flockflock'		StarlingX	Critical	Fix Released

Bug #1927137: Docker build env fails on git-review

Summary				In	Importance	Status
	1927137	Docker build env fails on git-review		StarlingX	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-11068

Related bugs and status

Related bugs

References