Zwei Probleme in cxf
ID: | FEDORA-2016-2361e1e07a |
Distribution: | Fedora |
Plattformen: | Fedora 25 |
Datum: | Sa, 31. Dezember 2016, 11:04 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6812 |
Applikationen: | Apache CXF |
Originalnachricht |
|
Name : cxf Product : Fedora 25 Version : 3.1.6 Release : 3.fc25 URL : http://cxf.apache.org/ Summary : Apache CXF Description : Apache CXF is an open-source services framework that aids in the development of services using front-end programming APIs, like JAX-WS and JAX-RS. -------------------------------------------------------------------------------- Update Information: fixes CVE-2016-6812 CVE-2016-8739 (rhbz#1406810,1406811,1406813) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406810 - CVE-2016-6812 apache-cxf: XSS in Apache CXF FormattedServiceListWriter https://bugzilla.redhat.com/show_bug.cgi?id=1406810 [ 2 ] Bug #1406811 - CVE-2016-8739 apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE https://bugzilla.redhat.com/show_bug.cgi?id=1406811 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade cxf' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |