exploitDog

openSUSE-SU-2020:0719-1

Published: 26 May 2020
Source: suse-cvrf

Description

Security update for dom4j

This update for dom4j fixes the following issues:

  • CVE-2020-10683: Fixed an XML External Entity vulnerability in the default SAX parser (bsc#1169760).

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.1
dom4j-1.6.1-lp151.6.3.1
dom4j-demo-1.6.1-lp151.6.3.1
dom4j-javadoc-1.6.1-lp151.6.3.1
dom4j-manual-1.6.1-lp151.6.3.1

Description

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.


Affected products
openSUSE Leap 15.1:dom4j-1.6.1-lp151.6.3.1
openSUSE Leap 15.1:dom4j-demo-1.6.1-lp151.6.3.1
openSUSE Leap 15.1:dom4j-javadoc-1.6.1-lp151.6.3.1
openSUSE Leap 15.1:dom4j-manual-1.6.1-lp151.6.3.1

References