Updated xmltooling packages fix CVE-2015-0851
Publication date: 08 Sep 2015Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-0851
Description
Updated xmltooling and opensaml packages fix security vulnerability: The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data (CVE-2015-0851).
References
SRPMS
5/core
- xmltooling-1.5.3-5.1.mga5
- opensaml-2.5.2-6.1.mga5
4/core
- xmltooling-1.5.3-3.1.mga4
- opensaml-2.5.2-4.1.mga4