Vulnerability category: Ubuntu
Vulnerability severity:
Vulnerability information
An integer overflow existed in the xsltAddTextString() function in Libxslt.
It was discovered that Libxslt mishandled namespace nodes.
A use-after-error existed in the xsltDocumentFunctionLoadDocument() function in Libxslt.
A type confusion error existed in the xsltStylePreCompute() function in Libxslt.
It was discovered that Libxslt mishandled the 'i' and 'a' format tokens for xsl:number data.
It was discovered that the xsltFormatNumberConversion() function in Libxslt did not properly handle empty decimal separators.
Vulnerability impact
An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-5029)
An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841)
An attacker could use this to craft a malicious XML file that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 14.04 LTS and Ubuntu 12.04 LTS. (CVE-2015-7995)
An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684)
An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-4738)
Solution
Refer to Ubuntu advisory USN-3271-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3271-1: 16.04 (Xenial) on src (libxslt1.1)
USN-3271-1: 17.04 (Zesty) on src (libxslt1.1)
USN-3271-1: 16.10 (Yakkety) on src (libxslt1.1)