Advisories ยป MGASA-2014-0556

Updated castor packages fix CVE-2014-3004

Publication date: 31 Dec 2014
Modification date: 31 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3004

Description

Updated castor packages fix security vulnerability:

The default configuration for the Xerces SAX Parser in Castor before 1.3.3
allows context-dependent attackers to conduct XML External Entity (XXE)
attacks via a crafted XML document (CVE-2014-3004).

References

SRPMS

4/core