CVE-2011-1425 Information

Description

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Reference

http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
http://secunia.com/advisories/43920
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://trac.webkit.org/changeset/79159
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securityfocus.com/bid/47135
http://www.securitytracker.com/id?1025284
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
https://bugs.webkit.org/show_bug.cgi?id=52688
https://bugzilla.redhat.com/show_bug.cgi?id=692133
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
