Updated springframework packages fix multiple vulnerabilities
Publication date: 03 Apr 2014
Modification date: 03 Apr 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-0054, CVE-2014-1904
Description
Updated springframework packages fix security vulnerabilities:
- Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities (CVE-2014-0054).
- Spring MVC introduces a cross-site scripting vulnerability if the action on a Spring form is not specified (CVE-2014-1904).
References
- http://www.gopivotal.com/security/cve-2014-0054
- http://www.gopivotal.com/security/cve-2014-1904
- http://www.debian.org/security/2014/dsa-2890
- https://bugs.mageia.org/show_bug.cgi?id=13126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0054
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1904
SRPMS
3/core
- springframework-3.1.1-21.3.mga3
4/core
- springframework-3.1.4-2.2.mga4