Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Mageia: High Risk of Denial Of Service in xmlsec1 Found 2020-0104

mageia
Calendar Grey February 26, 2020
Dist Mageia Esm H88
Recent updates to xmlsec1 packages tackle critical security vulnerabilities that may lead to XML attacks. For detailed insights, refer to the official documentation
Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation

Summary

Updated xmlsec1 packages fix security vulnerability:
It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service (CVE-2017-1000061).

References

- https://bugs.mageia.org/show_bug.cgi?id=26174

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3PWHBRWXR3RNPHDSTQI6UWDG5ETOQ7VR/

- https://www.cve.org/CVERecord?id=CVE-2017-1000061

Resolution

SRPMS

- 7/core/xmlsec1-1.2.29-1.mga7

Publication date: 26 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0104.html
Type: security
CVE: CVE-2017-1000061

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here