lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87ppl8ognf.fsf@mid.deneb.enyo.de>
Date: Wed, 26 Mar 2014 21:21:08 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 2886-1] libxalan2-java security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2886-1                   security@...ian.org
http://www.debian.org/security/                            Florian Weimer
March 26, 2014                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxalan2-java
CVE ID         : CVE-2014-0107
Debian Bug     : 742577

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java,
a Java library for XSLT processing.  Crafted XSLT programs could
access system properties or load arbitrary classes, resulting in
information disclosure and, potentially, arbitrary code execution.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.7.1-5+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in
version 2.7.1-7+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.1-9.

We recommend that you upgrade your libxalan2-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJTMzhoAAoJEL97/wQC1SS+XDgH+QFIhm6HIEaSB5AyGnW/3h1i
tM+qTA5Oze8FwHTLXYdLbu1V5rJUsNKNdtF/ldf9n+D3MACc8u2Sz3BOa+gixKCz
BWk5s9vc8gRBHz0L/Q3ev+Nf6GKTg25ToMy+iwZhj/p0LjpEYYQRa8GbWepgasDx
Uqo34fuiq8z8Ntbs9xpQZLxCeoLFTPvRl1Pp++5uroMriulEAg1NH0cl6b8Cv4R8
MrAP6H6CsvmGZXc24OZTvnW1zuflCSw7YDdaEB/6MXtRejUugVqBh7Rbn3Gdp9N/
YIaKStItV0sK+uWBtgUl/l43Lcgy4hBJD6SnFRwCLnO5n0/GK3dh6367jqz5vpU=
=+zPT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ