Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu: 2021-0457 Important XML Parsing Patch for Python-pikepdf

mageia
Calendar Grey June 18, 2021
Dist Mageia Esm H88
Mageia has released updated packages for python-pikepdf to address a serious XXE vulnerability that impacted the parsing of XMP metadata.
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries (CVE-2021-29421)

Summary

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries (CVE-2021-29421).

References

- https://bugs.mageia.org/show_bug.cgi?id=29022

- https://www.cve.org/CVERecord?id=CVE-2021-29421

Resolution

SRPMS

- 8/core/python-pikepdf-2.10.0-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 18 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0268.html
Type: security
CVE: CVE-2021-29421

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here