|
|
Subscribe / Log in / New account

Debian alert DLA-1517-1 (dom4j)

From:  Markus Koschany <apo@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 1517-1] dom4j security update
Date:  Mon, 24 Sep 2018 20:11:01 +0200
Message-ID:  <70656cd6-b0a5-2677-f8cb-8bc0f4f14514@debian.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : dom4j Version : 1.6.1+dfsg.3-2+deb8u1 CVE ID : CVE-2018-1000632 Mario Areias discovered that dom4j, a XML framework for Java, was vulnerable to a XML injection attack. An attacker able to specify attributes or elements in the XML document might be able to modify the whole XML document. For Debian 8 "Jessie", this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u1. We recommend that you upgrade your dom4j packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlupKLRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeS0RxAAjsCilDFCTLysNKMI8cFNrVHqPGy5bkIdW6F38fN2Zg5RDAOTdRAQouvL Hvv932D+WfdkQq5yQJfGTPGXpUCwWE35gbnfaozHOxmJJuf8ivrXJ0CuBlR4VexS X7TaOKp75wLplGhRJFT3eNwN0HznQMbqzey0A66Wbff4+nI7tYlj21UX01XrNgMh xOvCeHlP0vAW06VYBwQfrkO9rgY5hDN4z6W8DiAIjzBeX1O2puP/hGAq5kJhebCp LHYRAVq9NKLC2f79mhnrEAYpHmbQGF58JRJN8o44hd/uRR2VrdEF05ISaGc9XsNO jXnPebSZ+zXjjF6nVJqRU973Xr5WUZoyYtlsZx5rigeNMTkB5XFUEEtYavpX7TbB gfAV/mRYvdHckivb1HyGuorEVaCdeTf6Qu+SvoawiStqXd/0DQzM3ZcAjpMG6hZQ vZpMIVmlfIjkcaP7Ib56fgAF1nRg1pIPSwMjEmZQAIpqs/HgSXbfN+7bjU5+0zQ8 1bBSK9PfrH2mA0wxQjFAE9yZAaxB8HJzNXhUk06kw/AW6mG2YZ2DfyOAjPepb90q BheRF0Xwp+hboh/rxAlARN32tjiGxxuXoT8nASKWtC9IfCiOa+2lIopU5xlFW6LS FLwlzzc5EKnZkd4d5cU3RKRSv04PHW/E2xix/j7EeOMQHIYG+7M= =1HOa -----END PGP SIGNATURE-----


to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds