Advisories » MGASA-2015-0140

Updated jakarta-taglibs-standard packages fix CVE-2015-0254

Publication date: 09 Apr 2015
Modification date: 09 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0254

Description

Updated jakarta-taglibs-standard packages fix security vulnerability:

David Jorm discovered that the Apache Standard Taglibs incorrectly handled
external XML entities. A remote attacker could possibly use this issue to
execute arbitrary code or perform other external XML entity attacks
(CVE-2015-0254).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15599
• http://www.ubuntu.com/usn/usn-2551-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0254

SRPMS

4/core

• jakarta-taglibs-standard-1.1.2-12.1.mga4