SUSE Package Hub - openSUSE-2018-1492

Update Info

openSUSE-2018-1492

Security update for dom4j

Type: security

Severity: moderate

Issued: 2018-12-07

Description:

This update for dom4j fixes the following issues:

- CVE-2018-1000632: Prevent XML injection that could have resulted in an
  attacker tampering with XML documents (bsc#1105443).

This update was imported from the SUSE:SLE-15:Update update project.
This update was imported from the openSUSE:Leap:15.0:Update update project.

References

CVE: CVE-2018-1000632
Bugzilla: 1105443 VUL-1: CVE-2018-1000632: dom4j: version prior to version 2.1.1 contains a CWE-91: XML Injectionvulnerability in Class: Element. Methods: addElement, addAttribute that canresult in an attacker tampering with XML documents through XML

Packages

dom4j-1.6.1-bp150.2.3.1