User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0001 (cxf)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0001: Updated cxf, wss4j, and jacorb packages fix security vulnerability
Date:  Mon, 6 Jan 2014 01:50:01 +0100
Message-ID:  <20140106005001.1F48C58FBD@valstar.mageia.org>

MGASA-2014-0001 - Updated cxf, wss4j, and jacorb packages fix security vulnerability Publication date: 06 Jan 2014 URL: http://advisories.mageia.org/MGASA-2014-0001.html Type: security Affected Mageia releases: 3 CVE: CVE-2013-2160 Description: Multiple denial of service flaws were found in the way StAX parser implementation of Apache CXF, an open-source web services framework, performed processing of certain XML files. If a web service application utilized the services of the StAX parser, a remote attacker could provide a specially-crafted XML file that, when processed by the application would lead to excessive system resources (CPU cycles, memory) consumption by that application (CVE-2013-2160). References: - https://bugs.mageia.org/show_bug.cgi?id=10986 - http://cxf.apache.org/security-advisories.data/CVE-2013-2... - https://lists.fedoraproject.org/pipermail/package-announc... - https://lists.fedoraproject.org/pipermail/package-announc... - https://lists.fedoraproject.org/pipermail/package-announc... - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2160 SRPMS: - 3/core/cxf-2.6.9-1.mga3 - 3/core/jacorb-2.3.1-4.mga3 - 3/core/wss4j-1.6.10-1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds