https://bugzilla.redhat.com/show_bug.cgi?id=1434522
Bug ID: 1434522
Summary: CVE-2017-5644 apache-poi: XML entity expansion via specially crafted OOXML file
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: java-sig-commits@lists.fedoraproject.org, mat.booth@redhat.com, puntogil@libero.it
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
References:
http://www.openwall.com/lists/oss-security/2017/03/20/9
Andrej Nemec <anemec@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Fixed In Version|                            |apache-poi 3.15
Andrej Nemec <anemec@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |1434523
--- Comment #1 from Andrej Nemec <anemec@redhat.com> ---
Created apache-poi tracking bugs for this issue:
Affects: fedora-all [bug 1434523]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1434523
[Bug 1434523] CVE-2017-5644 apache-poi: XML entity expansion via specially crafted OOXML file [fedora-all]
Apurbita Mukherjee <apmukher@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |apmukher@redhat.com
Bug 1434522 depends on bug 1434523, which changed state.

Bug 1434523 Summary: CVE-2017-5644 apache-poi: XML entity expansion via specially crafted OOXML file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1434523

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|---                         |RAWHIDE