
Mageia alert MGASA-2016-0164 (xstream)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2016-0164: Updated xstream packages fix CVE-2016-3674
Date:  Thu, 5 May 2016 18:27:11 +0200
Message-ID:  <20160505162711.8D7D69F643@duvel.mageia.org>

MGASA-2016-0164 - Updated xstream packages fix CVE-2016-3674

Publication date: 05 May 2016
URL: http://advisories.mageia.org/MGASA-2016-0164.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-3674

Description:
Updated xstream packages fix security vulnerability:

XStream (x-stream.github.io) is a Java library to marshal Java objects into
XML and back. For this purpose it supports a lot of different XML parsers.
Some of those can also process external entities which was enabled by
default. An attacker could therefore provide manipulated XML as input to
access data on the file system (CVE-2016-3674).

References:
- https://bugs.mageia.org/show_bug.cgi?id=18277
- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3674

SRPMS:
- 5/core/xstream-1.4.9-1.mga5
- 5/core/javapackages-tools-4.1.0-15.1.mga5
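
A check for the parser behaviour the description refers to, added here as an example and not taken from the advisory or from XStream's code: it tests whether a StAX parser pulls a local file into a document through an external entity, and shows a factory with that processing switched off. It uses only the JDK's javax.xml.stream API (StAX is one of the parser families XStream can sit on) rather than XStream itself; the class name, canary file and sample document are constructed for illustration.

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class ExternalEntityCheck {

    /** StAX factory with DTD support and external entity processing switched off. */
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        return f;
    }

    /** True if the canary file's content shows up in the parsed character data. */
    static boolean leaksCanary(XMLInputFactory f, String xml, String canary) {
        StringBuilder seen = new StringBuilder();
        try {
            XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.CHARACTERS) seen.append(r.getText());
            }
        } catch (XMLStreamException e) {
            // Parser rejected the document; text reported before the error is still checked.
        }
        return seen.indexOf(canary) >= 0;
    }

    public static void main(String[] args) throws Exception {
        // Constructed test input: a throwaway file holding a unique marker string.
        String canary = "CANARY-" + System.nanoTime();
        Path file = Files.createTempFile("entity-canary", ".txt");
        Files.write(file, canary.getBytes(StandardCharsets.UTF_8));
        String xml = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE doc [ <!ENTITY ext SYSTEM \"" + file.toUri() + "\"> ]>\n"
                + "<doc>&ext;</doc>";
        try {
            // The default factory's result depends on the parser implementation in use.
            System.out.println("default factory leaks canary:  "
                    + leaksCanary(XMLInputFactory.newFactory(), xml, canary));
            System.out.println("hardened factory leaks canary: "
                    + leaksCanary(hardenedFactory(), xml, canary));
        } finally {
            Files.delete(file);
        }
    }
}
```

A "true" on the first line means the parser on the classpath resolves external entities unless told otherwise, which is the default the advisory describes.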

