Updated xmlsec1 packages fix security vulnerability:
It was discovered xmlsec1's use of libxml2 inadvertently enabled external
entity expansion (XXE) along with validation. An attacker could craft an
XML file that would cause xmlsec1 to try and read local files or HTTP/FTP
URLs, leading to information disclosure or denial of service
(CVE-2017-1000061).
- https://bugs.mageia.org/show_bug.cgi?id=26174
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3PWHBRWXR3RNPHDSTQI6UWDG5ETOQ7VR/
- https://www.cve.org/CVERecord?id=CVE-2017-1000061
- 7/core/xmlsec1-1.2.29-1.mga7
Get the latest Linux and open source security news straight to your inbox.