Synopsis: Important: xalan-j2 security update
Advisory ID: SLSA-2014:0348-1
Issue Date: 2014-04-01
CVE Numbers: CVE-2014-0107
—
It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features. A
remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses Xalan-
Java. (CVE-2014-0107)
—
SL5
x86_64
xalan-j2-2.7.0-6jpp.2.x86_64.rpm
xalan-j2-debuginfo-2.7.0-6jpp.2.x86_64.rpm
xalan-j2-manual-2.7.0-6jpp.2.x86_64.rpm
xalan-j2-xsltc-2.7.0-6jpp.2.x86_64.rpm
xalan-j2-demo-2.7.0-6jpp.2.x86_64.rpm
xalan-j2-javadoc-2.7.0-6jpp.2.x86_64.rpm
i386
xalan-j2-2.7.0-6jpp.2.i386.rpm
xalan-j2-debuginfo-2.7.0-6jpp.2.i386.rpm
xalan-j2-manual-2.7.0-6jpp.2.i386.rpm
xalan-j2-xsltc-2.7.0-6jpp.2.i386.rpm
xalan-j2-demo-2.7.0-6jpp.2.i386.rpm
xalan-j2-javadoc-2.7.0-6jpp.2.i386.rpm
SL6
noarch
xalan-j2-2.7.0-9.9.el6_5.noarch.rpm
xalan-j2-demo-2.7.0-9.9.el6_5.noarch.rpm
xalan-j2-javadoc-2.7.0-9.9.el6_5.noarch.rpm
xalan-j2-manual-2.7.0-9.9.el6_5.noarch.rpm
xalan-j2-xsltc-2.7.0-9.9.el6_5.noarch.rpm
– Scientific Linux Development Team
