[Debian] CVE: CVE-2021-30560: libxslt: use-after-free in xsltApplyTemplates

Bug #2020639 reported by Yue Tao
Affects    Status        Importance  Assigned to  Milestone
StarlingX  Fix Released  High        Unassigned   -

Bug Description

CVE-2021-30560: https://nvd.nist.gov/vuln/detail/CVE-2021-30560

Base Score: 8.8 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References:

libxslt1.1_1.1.34-4_amd64.deb -> libxslt1.1_1.1.34-4+deb11u1_amd64.deb

https://security-tracker.debian.org/tracker/DSA-5216-1

Yue Tao (wrytao)
Changed in starlingx:
status: New → Triaged
importance: Undecided → High
tags: added: stx.9.0 stx.security
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/884669

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/884669
Committed: https://opendev.org/starlingx/tools/commit/171916d8c66bd783409419ff6f46c2189007d9af
Submitter: "Zuul (22348)"
Branch: master

commit 171916d8c66bd783409419ff6f46c2189007d9af
Author: Haiqing Bai <email address hidden>
Date: Tue May 30 15:59:48 2023 +0800

    libxslt: fix CVE-2021-30560

    Upgrade libxslt1.1 to 1.1.34-4+deb11u1
    Upgrade libxslt1-dev to 1.1.34-4+deb11u1

    Refer to:
    https://security-tracker.debian.org/tracker/DSA-5216-1

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean
    Pass: build-image
    Pass: Jenkins Installation
    PASS: dpkg -l | grep libxslt
          ii libxslt1.1:amd64 1.1.34-4+deb11u1

    Closes-Bug: 2020639

    Change-Id: I0407fadf81f93037d569d68dbb25af724cc9108c
    Signed-off-by: Haiqing Bai <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
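An added example, not part of the bug report or the StarlingX change: a Python check that parses `dpkg -l` output (the same check as the commit's Test Plan) and orders the installed libxslt1.1 version against the fixed 1.1.34-4+deb11u1 using Debian's version rules (epoch, then upstream, then revision; digit runs compared numerically, `~` sorting below everything), so that a lagging image is flagged rather than matched by a plain string grep. The `dpkg -l` sample line is constructed.

```python
import re
from itertools import zip_longest
FIXED_VERSION = "1.1.34-4+deb11u1"  # fixed version from DSA-5216-1 / the commit above
# Constructed `dpkg -l` line from a host that still carries the vulnerable build.
DPKG_SAMPLE = ["ii  libxslt1.1:amd64  1.1.34-4  amd64  XSLT 1.0 processing library"]

def _order(c):
    # Debian char ordering: '~' before everything (even end of string), letters before non-letters.
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(a, b):
    for x, y in zip_longest(a, b, fillvalue=""):
        if _order(x) != _order(y):
            return -1 if _order(x) < _order(y) else 1
    return 0

def _cmp_fragment(a, b):
    # Alternate non-digit runs (lexical per _order) with digit runs (numeric).
    while a or b:
        ma, mb = re.match(r"\D*", a), re.match(r"\D*", b)
        r = _cmp_nondigit(ma.group(), mb.group())
        if r:
            return r
        a, b = a[ma.end():], b[mb.end():]
        ma, mb = re.match(r"\d*", a), re.match(r"\d*", b)
        na, nb = int(ma.group() or 0), int(mb.group() or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[ma.end():], b[mb.end():]
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is "0".
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """-1, 0 or 1, ordering a against b the way dpkg --compare-versions does."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def check_dpkg(lines, package="libxslt1.1", fixed=FIXED_VERSION):
    """(installed_version, fixed?) for `package` parsed from `dpkg -l` output lines."""
    for line in lines:
        f = line.split()
        if len(f) >= 3 and f[0] == "ii" and f[1].split(":")[0] == package:
            return f[2], compare_versions(f[2], fixed) >= 0
    return None, False
```

On a real host, feed `subprocess.check_output(["dpkg", "-l"], text=True).splitlines()` to `check_dpkg` instead of the constructed sample.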