Updated derby packages fix security vulnerability
Publication date: 17 Nov 2016Modification date: 18 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-1832
Description
Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service (CVE-2015-1832).
References
SRPMS
5/core
- derby-10.10.2.0-1.1.mga5