Advisories » MGASA-2016-0175

Updated jackson-dataformat-xml packages fix CVE-2016-3720

Publication date: 13 May 2016
Modification date: 13 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3720

Description

Updated jackson-dataformat-xml packages fix security vulnerability:

It was reported that XmlMapper in jackson-dataformat-xml is vulnerable to XXE 
attack ("Improper Restriction of XML External Entity Reference") 
(CVE-2016-3720).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18382
• https://bugzilla.redhat.com/show_bug.cgi?id=1328427
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3720

SRPMS

5/core

• jackson-dataformat-xml-2.4.3-3.1.mga5