Advisories » MGASA-2015-0350

Updated xmltooling packages fix CVE-2015-0851

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-0851

Description

Updated xmltooling and opensaml packages fix security vulnerability:

The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML
parsing library, did not properly handle an exception when parsing well-formed
but schema-invalid XML. This could allow remote attackers to cause a denial of
service (crash) via crafted XML data (CVE-2015-0851).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16514
• http://shibboleth.net/community/advisories/secadv_20150721.txt
• https://www.debian.org/security/2015/dsa-3321
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0851

SRPMS

4/core

• xmltooling-1.5.3-3.1.mga4
• opensaml-2.5.2-4.1.mga4

5/core

• xmltooling-1.5.3-5.1.mga5
• opensaml-2.5.2-6.1.mga5