Advisories » MGASA-2015-0426

Updated springframework packages fix security vulnerability

Publication date: 04 Nov 2015
Modification date: 04 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5211

Description

Under some situations, the Spring Framework is vulnerable to a Reflected
File Download (RFD) attack. The attack involves a malicious user crafting
a URL with a batch script extension that results in the response being
downloaded rather than rendered and also includes some input reflected in
the response (CVE-2015-5211).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17070
• https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170543.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211

SRPMS

5/core

• json-smart-1.3-0.20140820.1.mga5
• json-path-0.9.1-1.mga5
• springframework-3.2.15-1.mga5