Updated gsoap packages fix security vulnerabilities
Publication date: 16 Jun 2021Modification date: 16 Jun 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2020-13574 , CVE-2020-13575 , CVE-2020-13576 , CVE-2020-13577 , CVE-2020-13578
Description
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13574). A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13575). A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13576). A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13577). A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13578).
References
- https://bugs.mageia.org/show_bug.cgi?id=29015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13574
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13576
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13577
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13578
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13574
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13576
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13577
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13578
SRPMS
7/core
- gsoap-2.8.67-2.1.mga7
8/core
- gsoap-2.8.104-1.1.mga8