CVE-2012-0057

Published: 1 February 2012

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Notes

Author: jdstrand
Note: watch out for Debian regression (658087) for DSA-2399-1 in php5-xsl

Priority

Medium

Status

Package: php5 (Launchpad, Ubuntu, Debian)

Release: Status
hardy: Released (5.2.4-2ubuntu5.22)
lucid: Released (5.3.2-1ubuntu4.13)
maverick: Released (5.3.3-1ubuntu9.9)
natty: Released (5.3.5-1ubuntu7.6)
oneiric: Released (5.3.6-13ubuntu3.5)
upstream: Released (5.3.9-1)

Patches:
upstream: http://svn.php.net/viewvc/?view=revision&revision=317759
upstream: http://svn.php.net/viewvc/?view=revision&revision=317801
upstream: http://svn.php.net/viewvc/?view=revision&revision=317953
vendor: http://www.debian.org/security/2012/dsa-2399
vendor: http://www.debian.org/security/2012/dsa-2399-2