MGASA-2015-0199

Source
https://advisories.mageia.org/MGASA-2015-0199.html
Import Source
https://advisories.mageia.org/MGASA-2015-0199.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2015-0199
Related
Published
2015-05-06T17:10:47Z
Modified
2015-05-06T17:02:21Z
Summary
Updated perl-XML-LibXML packages fix CVE-2015-3451
Details

Updated perl-XML-LibXML package fixes security vulnerability:

Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected ressources, depending on how the library is used (CVE-2015-3451).

References
Credits

Affected packages

Mageia:4 / perl-XML-LibXML

Package

Name
perl-XML-LibXML
Purl
pkg:rpm/mageia/perl-XML-LibXML?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.0-2.1.mga4

Ecosystem specific

{
    "section": "core"
}