Advisories » MGASA-2016-0385

Updated derby packages fix security vulnerability

Publication date: 17 Nov 2016
Modification date: 18 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-1832

Description

Apache Derby could allow a remote attacker to obtain sensitive
information, caused by a XML external entity (XXE) error when processing
XML data by the XML datatype and XmlVTI. An attacker could exploit this
vulnerability to read arbitrary files on the system or cause a denial of
service (CVE-2015-1832).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19590
• https://lists.opensuse.org/opensuse-updates/2016-10/msg00051.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832

SRPMS

5/core

• derby-10.10.2.0-1.1.mga5