You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa dom4j

Sigurnosni nedostatak programskog paketa dom4j

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4575-1
October 13, 2020

dom4j vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

dom4j could be made to expose sensitive information or run programs if it
received specially crafted input.

Software Description:
– dom4j: Flexible XML framework for Java

Details:

It was discovered that dom4j incorrectly handled reading XML data. A
remote attacker could exploit this with a crafted XML file to expose
sensitive data or possibly execute arbitrary code. (CVE-2020-10683)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libdom4j-java 1.6.1+dfsg.3-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4575-1
CVE-2020-10683

Package Information:
https://launchpad.net/ubuntu/+source/dom4j/1.6.1+dfsg.3-2ubuntu1.1

—–BEGIN PGP SIGNATURE—–

iQEzBAEBCAAdFiEElnO/d49FoUPK9fwytGdj0GOh2+wFAl+GTU0ACgkQtGdj0GOh
2+z92Qf/UFzr8W5SBzBzDNox25O8r/aHmc7mYk+zoxXlqEieuu4Wyc2/U4ISOESu
Tuiq65D7cvkYtVuCShCL6UmwwdKo+B5uhUnwAZTq+HK1A49TCqM8YIoftfk0+8BL
kRfNogiWkk34/RaVabcC6wxo+V7xTcRhybJuI/0VSnBsGaJf9hbCFDj7jOLQ1OQI
8p7V4IbFT/t8t5FIsgWvoRy1URpe/Km1aNiDH0cWY3RI9gFFP/hBD8R7Qh7DQrQL
1MfOegyNVnoq7rWuoSPH5r/ojTxxC7AhoQ8+EM9oooq/MdjbHtrNBdjrNABA7KsL
XNbxRqs1CQzMcmNrR82y8ZNOteJ3GQ==
=wEQI
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-10-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa dovecot

Otkriveni su sigurnosni nedostaci u programskom paketu dovecot za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja....

Close