Updated xmltooling packages fix CVE-2015-0851

2015-09-0820:55:59

Gentoo Foundation

advisories.mageia.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.9%

JSON

Updated xmltooling and opensaml packages fix security vulnerability: The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data (CVE-2015-0851).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchxmltooling< 1.5.3-3.1xmltooling-1.5.3-3.1.mga4
Mageia4noarchopensaml< 2.5.2-4.1opensaml-2.5.2-4.1.mga4
Mageia5noarchxmltooling< 1.5.3-5.1xmltooling-1.5.3-5.1.mga5
Mageia5noarchopensaml< 2.5.2-6.1opensaml-2.5.2-6.1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	xmltooling	< 1.5.3-3.1	xmltooling-1.5.3-3.1.mga4
Mageia	4	noarch	opensaml	< 2.5.2-4.1	opensaml-2.5.2-4.1.mga4
Mageia	5	noarch	xmltooling	< 1.5.3-5.1	xmltooling-1.5.3-5.1.mga5
Mageia	5	noarch	opensaml	< 2.5.2-6.1	opensaml-2.5.2-6.1.mga5