Advisories ยป MGASA-2020-0233

Updated log4net packages fix security vulnerability

Publication date: 27 May 2020
Modification date: 27 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2018-1285

Description

Updated log4net packages fix security vulnerability
This patch fixes a security vulnerabiliy reported by Karthik
Balasundaram. The security vulnerability was found in the way
how log4net parses xml configuration files where it allowed to
process XML External Entity Processing. An attacker could use 
this as an attack vector if he could modify the XML configuration file.

References

SRPMS

7/core