Advisories » MGASA-2014-0109

Updated apache-commons-fileupload package fixes CVE-2014-0050

Publication date: 28 Feb 2014
Modification date: 28 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0050

Description

Updated apache-commons-fileupload packages fix security vulnerability:

It was discovered that the Apache Commons FileUpload package for Java could
enter an infinite loop while processing a multipart request with a crafted
Content-Type, resulting in a denial-of-service condition (CVE-2014-0050).
                

References

• http://seclists.org/fulldisclosure/2014/Feb/41
• http://www.debian.org/security/2014/dsa-2856
• https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128499.html
• https://bugs.mageia.org/show_bug.cgi?id=12653
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050

SRPMS

4/core

• apache-commons-fileupload-1.3-5.1.mga4

3/core

• apache-commons-fileupload-1.2.2-10.1.mga3