VDB
GCVE-110-MAGEIA-2020-104
GCVE-110-MAGEIA-2020-104
Advisory Published
Updated xmlsec1 packages fix security vulnerability:
It was discovered xmlsec1's use of libxml2 inadvertently enabled external
entity expansion (XXE) along with validation. An attacker could craft an
XML file that would cause xmlsec1 to try and read local files or HTTP/FTP
URLs, leading to information disclosure or denial of service
(CVE-2017-1000061).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | openttd | 0 (affected), 1.10.1-1.mga7 (unaffected) | — |
| Mageia | openttd-opengfx | 0 (affected), 0.6.0-1.mga7 (unaffected) | — |
| Mageia | xmlsec1 | 0 (affected), 1.2.29-1.mga7 (unaffected), 0 (affected), 1.2.29-1.mga7 (unaffected) | — |
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.