MGASA-2016-0164

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0164.html

Import Source

https://advisories.mageia.org/MGASA-2016-0164.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0164

Related

CVE-2016-3674

Published

2016-05-05T16:26:44Z

Modified

2016-05-05T16:19:53Z

Summary

Updated xstream packages fix CVE-2016-3674

Details

Updated xstream packages fix security vulnerability:

XStream (x-stream.github.io) is a Java library to marshal Java objects into XML and back. For this purpose it supports a lot of different XML parsers. Some of those can also process external entities which was enabled by default. An attacker could therefore provide manipulated XML as input to access data on the file system (CVE-2016-3674).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / xstream

Package

Name: xstream
Purl: pkg:rpm/mageia/xstream?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.9-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / javapackages-tools

Package

Name: javapackages-tools
Purl: pkg:rpm/mageia/javapackages-tools?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.0-15.1.mga5

Ecosystem specific

{
    "section": "core"
}