The attached poc produces this output:

asan ~ # xsltproc poc
ASAN:SIGSEGV
=================================================================
==1706==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fad87a78e8c bp 0x7ffe8420dd90 sp 0x7ffe8420dc40 T0)
    #0 0x7fad87a78e8b in xsltStylePreCompute /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/preproc.c:2250:18
    #1 0x7fad87a3f011 in xsltPrecomputeStylesheet /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/xslt.c:3498:3
    #2 0x7fad87a3aa8b in xsltParseStylesheetProcess /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/xslt.c:6425:2
    #3 0x7fad87a3fecd in xsltParseStylesheetImportedDoc /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/xslt.c:6641:9
    #4 0x7fad87a40068 in xsltParseStylesheetDoc /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/xslt.c:6680:11
    #5 0x4ddc5f in main /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/xsltproc/xsltproc.c:851:9
    #6 0x7fad8629baa4 in __libc_start_main (/lib64/libc.so.6+0x21aa4)
    #7 0x436146 in _start (/usr/bin/xsltproc+0x436146)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/portage/dev-libs/libxslt-1.1.28-r4/work/libxslt-1.1.28/libxslt/preproc.c:2250 xsltStylePreCompute
==1706==ABORTING
Created attachment 410342: poc
Updates from Red Hat report:
CVE-2015-7995
http://www.openwall.com/lists/oss-security/2015/10/27/10
Upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
Upstream patch is applied in 1.1.28-r5.
Arches, please test and mark stable:
=dev-libs/libxslt-1.1.28-r5
Target keywords : "alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for PPC64.
Stable for HPPA.
amd64 stable
alpha stable
x86 stable
ia64 stable
arm stable
ppc stable
sparc stable
GLSA Vote: No