Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: XML External Entity-Verarbeitung in jackson-dataformat-xml
Aktuelle Meldungen Distributionen
Name: XML External Entity-Verarbeitung in jackson-dataformat-xml
ID: FEDORA-2016-d708261ce2
Distribution: Fedora
Plattformen: Fedora 22
Datum: Mo, 16. Mai 2016, 18:11
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3720

Originalnachricht

Name        : jackson-dataformat-xml
Product : Fedora 22
Version : 2.5.0
Release : 3.fc22
URL : http://wiki.fasterxml.com/JacksonExtensionXmlDataBinding
Summary : XML data binding extension for Jackson
Description :
Data format extension for Jackson (http://jackson.codehaus.org)
to offer alternative support for serializing POJOs as XML and
deserializing XML as POJOs. Support implemented on top of Stax API
(javax.xml.stream), by implementing core Jackson Streaming API types
like JsonGenerator, JsonParser and JsonFactory. Some data-binding types
overridden as well (ObjectMapper sub-classed as XmlMapper).

-------------------------------------------------------------------------------
-
Update Information:

Security fix for CVE-2016-3720
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1328427 - CVE-2016-3720 jackson-dataformat-xml: XmlMapper is
vulnerable to XXE attack
https://bugzilla.redhat.com/show_bug.cgi?id=1328427
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update jackson-dataformat-xml' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung