Advisories » MGASA-2014-0100

Updated xstream packages fix CVE-2013-7285

Publication date: 25 Feb 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2013-7285

Description

Updated xstream packages fix security vulnerability:

It was found that XStream would deserialize arbitrary user-supplied XML
content, representing objects of any type. A remote attacker able to pass XML
to XStream could use this flaw to perform a variety of attacks, including
remote code execution in the context of the server running the XStream
application (CVE-2013-7285).
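
For applications that parse untrusted XML with XStream, the following added example (not part of the advisory or the XStream project's own code) shows type allowlisting that refuses any object type the application does not expect. It assumes an XStream release that ships the `com.thoughtworks.xstream.security` package (1.4.7 or later); the `Order` class, the `hardened()` helper and the sample XML are hypothetical and constructed for illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistDemo {
    // Hypothetical DTO: the only application type this input is expected to carry.
    public static class Order {
        String id;
        int quantity;
    }

    // Build an XStream instance that denies every type, then allows a short list.
    static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // start from "nothing allowed"
        xs.addPermission(NullPermission.NULL);                // permit null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // permit primitives and their wrappers
        xs.allowTypes(new Class[] { String.class, Order.class });
        xs.alias("order", Order.class);                       // map <order> to the DTO
        return xs;
    }

    public static void main(String[] args) {
        XStream xs = hardened();

        // Constructed sample inputs: one of the expected type, one naming another type.
        String expected = "<order><id>A-17</id><quantity>3</quantity></order>";
        String unexpected = "<java.io.File>report.txt</java.io.File>";

        Order o = (Order) xs.fromXML(expected);
        System.out.println("accepted order " + o.id + " x" + o.quantity);

        try {
            xs.fromXML(unexpected);
            System.out.println("unexpected type was deserialized");
        } catch (ForbiddenClassException e) {
            // The type check runs before any object of that type is created.
            System.out.println("rejected type: " + e.getMessage());
        }
    }
}
```

The allowlist should be kept as narrow as the data model permits; every additional permitted type widens what user-supplied XML can instantiate.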
                

References

SRPMS

4/core

3/core