Arbitrary file upload

Description Due to lack of file extension validation, privileged user administrator can upload arbitrary files with "update logo" and "update icon" features. The application uses the extension provided in the filename parameter. Proof of Concept POST /admin/default/jqadm/save/settings?locale=en...

libxml2 security update

2.9.1-5.0.1.el71.2 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball 2.9.1-5.2 - Fix missing entities after CVE-2014-3660 fix - CVE-2014-0191 Do not fetch external parameter entities rhbz1195649 - Fix regressions introduced by CVE-2014-0191 patch...