openSUSE-SU-2018:3998-1

Опубликовано: 06 дек. 2018

Источник: suse-cvrf

Описание

Security update for dom4j

This update for dom4j fixes the following issues:

CVE-2018-1000632: Prevent XML injection that could have resulted in an attacker tampering with XML documents (bsc#1105443).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

dom4j-1.6.1-lp150.3.3.1

dom4j-demo-1.6.1-lp150.3.3.1

dom4j-javadoc-1.6.1-lp150.3.3.1

dom4j-manual-1.6.1-lp150.3.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00000.html
E-Mail link for openSUSE-SU-2018:3998-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Затронутые продукты

openSUSE Leap 15.0:dom4j-1.6.1-lp150.3.3.1

openSUSE Leap 15.0:dom4j-demo-1.6.1-lp150.3.3.1

openSUSE Leap 15.0:dom4j-javadoc-1.6.1-lp150.3.3.1

openSUSE Leap 15.0:dom4j-manual-1.6.1-lp150.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000632.html
CVE-2018-1000632
https://bugzilla.suse.com/1105443
SUSE Bug 1105443

openSUSE-SU-2018:3998-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-1000632

Описание

Затронутые продукты

Ссылки