Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 20: FEDORA-2015-6862 Urgent Springframework Security Alert

fedora
Calendar Grey May 8, 2015
Dist Fedora Esm H88
Important update for Spring Framework on Fedora 20 resolves a serious vulnerability that could lead to information leakage through SSRF. Protect your systems immediately!
Security fix for CVE-2014-0225

Summary

Spring is a layered Java/J2EE application framework, based on code published in

Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002).

Update Information:

Security fix for CVE-2014-0225

Topics%20covered

Topics Covered

security advisory Fedora information disclosure urgent fix SSRF springframework

Change Log

* Fri Apr 24 2015 Michal Srb - 0:3.1.4-3 - Resolves: CVE-2014-0225 * Fri Dec 6 2013 gil cattaneo 0:3.1.4-2 - fix for rhbz: 993376, 953977 - switch to XMvn - disable derby (partial), and jopt-simple support - enable castor and jruby support * Thu Dec 5 2013 Orion Poplawski - 0:3.1.4-1 - Update to 3.1.4 - Add BR xmlunit - Change wstx-asl to woodstox-core-asl * Sun Aug 4 2013 Fedora Release Engineering - 0:3.1.1-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

References


[ 1 ] Bug #1110110 - CVE-2014-0225 Spring Framework: Information disclosure via SSRF https://bugzilla.redhat.com/show_bug.cgi?id=1110110

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update springframework' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: springframework
Product: Fedora 20
Version: 3.1.4
Release: 3.fc20
URL: https://spring.io
Summary: Spring Java Application Framework

Topics%20covered

Topics Covered

security advisory Fedora information disclosure urgent fix SSRF springframework

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here