Advisories ยป MGASA-2014-0558

Updated xml-security packages fix CVE-2013-4517

Publication date: 31 Dec 2014
Modification date: 31 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2013-4517

Description

Updated xml-security packages fixes security vulnerability:

Apache Santuario XML Security for Java before 1.5.6, when applying
Transforms, allows remote attackers to cause a denial of service (memory
consumption) via crafted Document Type Definitions (DTDs), related to
signatures (CVE-2013-4517).
                

References

SRPMS

4/core