Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in castor
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in castor
ID: FEDORA-2014-16446
Distribution: Fedora
Plattformen: Fedora 21
Datum: Mo, 15. Dezember 2014, 07:42
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3004
Applikationen: castor

Originalnachricht

Name        : castor
Product : Fedora 21
Version : 1.3.3
Release : 1.fc21
URL : http://castor.codehaus.org
Summary : An open source data binding framework for Java
Description :
Castor is an open source data binding framework for Java. It's basically
the shortest path between Java objects, XML documents and SQL tables.
Castor provides Java to XML binding, Java to SQL persistence, and more.

-------------------------------------------------------------------------------
-
Update Information:

Update to latest upstream point release containing fix for CVE-2014-3004
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Dec 4 2014 Mat Booth <mat.booth@redhat.com> - 1.3.3-1
- Update to latest upstream 1.3.3
- Fixes rhbz#1108691 CVE-2014-3004
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1108639 - CVE-2014-3004 castor: XML External Entity (XXE) attacks
via a crafted XML document
https://bugzilla.redhat.com/show_bug.cgi?id=1108639
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update castor' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung