Advisories » MGASA-2016-0101

Updated exempi exiv2 packages fix security vulnerability

Publication date: 07 Mar 2016
Modification date: 07 Mar 2016
Type: security
Affected Mageia releases : 5

Description

exempi contains code to protect against a denial-service-attack
related to XML entity expansion ("billion laughs attack"), but it was
not compiled into the Mageia package because BanAllEntityUsage was not
defined when the package was compiled.

This has been corrected by recompiling it with the BanAllEntityUsage
macro defined. The exiv2 package contains a bundled copy of the same
code and has also been recompiled with the macro defined.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17877
• https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178378.html

SRPMS

5/core

• exempi-2.2.2-14.1.mga5
• exiv2-0.24-5.1.mga5