Advisories ยป MGASA-2014-0155

Updated springframework packages fix multiple vulnerabilities

Publication date: 03 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0054 , CVE-2014-1904

Description

Updated springframework packages fix security vulnerabilities:

Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML
entities (CVE-2014-0054).

Spring MVC introduces a cross-site scripting vulnerability if the action on a
Spring form is not specified (CVE-2014-1904).
                

References

SRPMS

3/core

4/core