Fedora alert FEDORA-2016-f2e2b178ea (jackson-dataformat-xml)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 23 Update: jackson-dataformat-xml-2.5.0-3.fc23 | |
| Date: | Sun, 15 May 2016 05:34:46 +0000 (UTC) | |
| Message-ID: | <20160515053446.2DB516015E31@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-f2e2b178ea 2016-05-14 23:17:53.243709 -------------------------------------------------------------------------------- Name : jackson-dataformat-xml Product : Fedora 23 Version : 2.5.0 Release : 3.fc23 URL : http://wiki.fasterxml.com/JacksonExtensionXmlDataBinding Summary : XML data binding extension for Jackson Description : Data format extension for Jackson (http://jackson.codehaus.org) to offer alternative support for serializing POJOs as XML and deserializing XML as POJOs. Support implemented on top of Stax API (javax.xml.stream), by implementing core Jackson Streaming API types like JsonGenerator, JsonParser and JsonFactory. Some data-binding types overridden as well (ObjectMapper sub-classed as XmlMapper). -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3720 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328427 - CVE-2016-3720 jackson-dataformat-xml: XmlMapper is vulnerable to XXE attack https://bugzilla.redhat.com/show_bug.cgi?id=1328427 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update jackson-dataformat-xml' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/package-announ...