SUSE-SU-2018:3908-1

Опубликовано: 26 окт. 2018

Источник: suse-cvrf

Описание

Security update for dom4j

This update for dom4j fixes the following issues:

CVE-2018-1000632: Prevent XML injection that could have resulted in an attacker tampering with XML documents (bsc#1105443).

Список пакетов

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

dom4j-1.6.1-4.3.2

dom4j-demo-1.6.1-4.3.2

dom4j-javadoc-1.6.1-4.3.2

dom4j-manual-1.6.1-4.3.2

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183908-1/
Link for SUSE-SU-2018:3908-1
https://lists.suse.com/pipermail/sle-security-updates/2018-November/004886.html
E-Mail link for SUSE-SU-2018:3908-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1105443
SUSE Bug 1105443
https://www.suse.com/security/cve/CVE-2018-1000632/
SUSE CVE CVE-2018-1000632 page

Описание

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Затронутые продукты

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:dom4j-1.6.1-4.3.2

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:dom4j-demo-1.6.1-4.3.2

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:dom4j-javadoc-1.6.1-4.3.2

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:dom4j-manual-1.6.1-4.3.2

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000632.html
CVE-2018-1000632
https://bugzilla.suse.com/1105443
SUSE Bug 1105443

SUSE-SU-2018:3908-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

Ссылки

Уязвимость: CVE-2018-1000632

Описание

Затронутые продукты

Ссылки