openSUSE-SU-2018:0616-1

Опубликовано: 06 мар. 2018

Источник: suse-cvrf

Описание

Security update for jgraphx

This update for jgraphx fixes the following issues:

Security issue fixed:

CVE-2017-18197: Fixed missing flags in SAXParserFactory instance in convert() to prevent XML External Entity (XXE) attacks (boo#1083413).

Список пакетов

openSUSE Leap 42.3

jgraphx-3.1.2.1-7.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-03/msg00010.html
E-Mail link for openSUSE-SU-2018:0616-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

Затронутые продукты

openSUSE Leap 42.3:jgraphx-3.1.2.1-7.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-18197.html
CVE-2017-18197
https://bugzilla.suse.com/1083413
SUSE Bug 1083413

openSUSE-SU-2018:0616-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-18197

Описание

Затронутые продукты

Ссылки