Advisories » MGASA-2014-0042

Updated springframework packages fix CVE-2013-4152

Publication date: 10 Feb 2014
Modification date: 10 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4152

Description

Updated springframework packages fix security vulnerability:

Alvaro Munoz discovered a XML External Entity (XXE) injection in the Spring
Framework which can be used for conducting CSRF and DoS attacks on other sites
(CVE-2013-4152).
                

References

• http://www.debian.org/security/2014/dsa-2842
• https://bugs.mageia.org/show_bug.cgi?id=12295
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152

SRPMS

3/core

• springframework-3.1.1-21.1.mga3