Updated xalan-j2 packages fix CVE-2014-0107
Publication date: 03 Apr 2014Modification date: 03 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0107
Description
Updated xalan-j2 packages fix security vulnerability:
Nicolas Gregoire discovered several vulnerabilities in libxalan2-java.
Crafted XSLT programs could access system properties or load arbitrary
classes, resulting in information disclosure and, potentially, arbitrary
code execution (CVE-2014-0107).
References
SRPMS
3/core
- xalan-j2-2.7.1-5.1.mga3
4/core
- xalan-j2-2.7.1-6.1.mga4