Advisories » MGASA-2014-0001

Updated cxf, wss4j, and jacorb packages fix security vulnerability

Publication date: 06 Jan 2014
Modification date: 06 Jan 2014
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-2160

Description

Multiple denial of service flaws were found in the way the StAX parser
implementation of Apache CXF, an open-source web services framework,
processed certain XML files. If a web service application used the StAX
parser, a remote attacker could supply a specially crafted XML file that,
when processed by the application, would cause that application to consume
excessive system resources (CPU cycles, memory) (CVE-2013-2160).
                

References

SRPMS

3/core