|
|
Log in / Subscribe / Register

Mageia alert MGASA-2017-0305 (xmlsec1)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0305: Updated xmlsec1 packages fix security vulnerability 


Date:
    	      Thu, 24 Aug 2017 23:19:06 +0200


Message-ID:
    	      <20170824211906.229A19F872@duvel.mageia.org>


MGASA-2017-0305 - Updated xmlsec1 packages fix security vulnerability

Publication date: 24 Aug 2017
URL: http://advisories.mageia.org/MGASA-2017-0305.html
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-1000061

Description:
It was discovered xmlsec1's use of libxml2 inadvertently enabled
external entity expansion (XXE) along with validation. An attacker could
craft an XML file that would cause xmlsec1 to try and read local files
or HTTP/FTP URLs, leading to information disclosure or denial of service
(CVE-2017-1000061).

References:
- https://bugs.mageia.org/show_bug.cgi?id=21586
- https://access.redhat.com/errata/RHSA-2017:2492
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10...

SRPMS:
- 5/core/xmlsec1-1.2.24-1.mga5
- 6/core/xmlsec1-1.2.24-1.mga6
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds