Advisories ยป MGASA-2015-0350

Updated xmltooling packages fix CVE-2015-0851

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-0851

Description

Updated xmltooling and opensaml packages fix security vulnerability:

The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML
parsing library, did not properly handle an exception when parsing well-formed
but schema-invalid XML. This could allow remote attackers to cause a denial of
service (crash) via crafted XML data (CVE-2015-0851).
                

References

SRPMS

5/core

4/core