Advisories ยป MGASA-2014-0152

Updated xalan-j2 packages fix CVE-2014-0107

Publication date: 03 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0107

Description

Updated xalan-j2 packages fix security vulnerability:

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java.
Crafted XSLT programs could access system properties or load arbitrary
classes, resulting in information disclosure and, potentially, arbitrary
code execution (CVE-2014-0107).
                

References

SRPMS

3/core

4/core