Advisories ยป MGASA-2021-0263

Updated gsoap packages fix security vulnerabilities

Publication date: 16 Jun 2021
Modification date: 16 Jun 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2020-13574 , CVE-2020-13575 , CVE-2020-13576 , CVE-2020-13577 , CVE-2020-13578

Description

A denial-of-service vulnerability exists in the WS-Security plugin 
functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can 
lead to denial of service. An attacker can send an HTTP request to trigger 
this vulnerability (CVE-2020-13574).

A denial-of-service vulnerability exists in the WS-Addressing plugin 
functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can 
lead to denial of service. An attacker can send an HTTP request to trigger 
this vulnerability (CVE-2020-13575).

A code execution vulnerability exists in the WS-Addressing plugin 
functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can 
lead to remote code execution. An attacker can send an HTTP request to 
trigger this vulnerability (CVE-2020-13576).

A denial-of-service vulnerability exists in the WS-Security plugin 
functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can 
lead to denial of service. An attacker can send an HTTP request to trigger 
this vulnerability (CVE-2020-13577).

A denial-of-service vulnerability exists in the WS-Security plugin 
functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can 
lead to denial of service. An attacker can send an HTTP request to trigger 
this vulnerability (CVE-2020-13578).

References

SRPMS

8/core

7/core