SUSE-SU-2018:3424-1

Опубликовано: 25 окт. 2018

Источник: suse-cvrf

Описание

Security update for dom4j

This update for dom4j fixes the following issues:

CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443)

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

dom4j-1.6.1-8.3.8.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183424-1/
Link for SUSE-SU-2018:3424-1
https://lists.suse.com/pipermail/sle-security-updates/2018-October/004787.html
E-Mail link for SUSE-SU-2018:3424-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1105443
SUSE Bug 1105443
https://www.suse.com/security/cve/CVE-2018-1000632/
SUSE CVE CVE-2018-1000632 page

Описание

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 11 SP4:dom4j-1.6.1-8.3.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000632.html
CVE-2018-1000632
https://bugzilla.suse.com/1105443
SUSE Bug 1105443

SUSE-SU-2018:3424-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2018-1000632

Описание

Затронутые продукты

Ссылки