Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE: 2020:1204-1 moderate: perl-XML-Twig Security Fix

opensuse
Calendar Grey August 14, 2020
Dist Opensuse Esm H88
The latest openSUSE Security Patch for perl-XML-Twig addresses a vulnerability concerning external entity expansion.
An update that fixes one vulnerability is now available.

Description

This update for perl-XML-Twig fixes the following issues:

- Security fix [bsc#1008644, CVE-2016-9180]

* Setting expand_external_ents to 0 or -1 currently doesn't work as

expected; To completely turn off expanding external entities use

no_xxe.

* Update documentation for XML::Twig to mention problems with

expand_external_ents and add information about new no_xxe argument

This update was imported from the SUSE:SLE-15:Update update project.

Topics%20covered

Topics Covered

security advisory moderate software update security fix openSUSE external entity perl-XML-Twig

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1204=1

Package List

- openSUSE Leap 15.2 (noarch):

perl-XML-Twig-3.52-lp152.4.3.1

References

https://www.suse.com/security/cve/CVE-2016-9180.html

https://bugzilla.suse.com/1008644

--

Announcement ID: openSUSE-SU-2020:1204-1
Rating: moderate
Affected Products: openSUSE Leap 15.2

Topics%20covered

Topics Covered

security advisory moderate software update security fix openSUSE external entity perl-XML-Twig

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here