Advisories ยป MGASA-2017-0403

Updated lucene packages fix security vulnerability

Publication date: 06 Nov 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-12629

Description

It was found that the CoreParser class in Lucene accepts doctype
declaration and expands external entities. An attacker could use this
flaw to bypass security restrictions and access sensitive data
(CVE-2017-12629).
                

References

SRPMS

6/core