MGASA-2020-0104

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0104.html

Import Source

https://advisories.mageia.org/MGASA-2020-0104.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0104

Related

CVE-2017-1000061

Published

2020-02-26T10:21:01Z

Modified

2020-02-26T10:00:37Z

Summary

Updated xmlsec1 packages fix security vulnerability

Details

Updated xmlsec1 packages fix security vulnerability:

It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service (CVE-2017-1000061).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / xmlsec1

Package

Name: xmlsec1
Purl: pkg:rpm/mageia/xmlsec1?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.29-1.mga7

Ecosystem specific

{
    "section": "core"
}