Updated lucene packages fix security vulnerability
Publication date: 06 Nov 2017Modification date: 06 Nov 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-12629
Description
It was found that the CoreParser class in Lucene accepts doctype
declaration and expands external entities. An attacker could use this
flaw to bypass security restrictions and access sensitive data
(CVE-2017-12629).
References
SRPMS
6/core
- lucene-5.5.0-4.1.mga6