公告ID: KYLIN-2019-13118
安全等级: 低级
产品: Kylin V3
发布日期: 2019年6月30日
CVE: CVE-2019-13118
CVSS3评分: 4.0
概述:
This issue affects the versions of libxslt as shipped with Kylin Enterprise Linux 5, 6, 7 and 8. Kylin Product Security has rated this issue as having a security impact of Low. Kylin Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/. For additional information, refer to the Issue Severity Classification: https://access.Kylin.com/security/updates/classification/. 描述:
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. 系统版本:
KYLIN 3.3.x
KYLIN 3.4.x
受影响包列表:
libxslt
libxslt