[SECURITY] Fedora 24 Update: jackson-dataformat-xml-2.6.3-3.fc24

updates at fedoraproject.org updates at fedoraproject.org
Tue May 10 11:53:04 UTC 2016


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-13b4cae9df
2016-05-10 11:44:56.463932
--------------------------------------------------------------------------------

Name        : jackson-dataformat-xml
Product     : Fedora 24
Version     : 2.6.3
Release     : 3.fc24
URL         : http://wiki.fasterxml.com/JacksonExtensionXmlDataBinding
Summary     : XML data binding extension for Jackson
Description :
Data format extension for Jackson (http://jackson.codehaus.org)
to offer alternative support for serializing POJOs as XML and
deserializing XML as POJOs. Support implemented on top of Stax API
(javax.xml.stream), by implementing core Jackson Streaming API types
like JsonGenerator, JsonParser and JsonFactory. Some data-binding types
overridden as well (ObjectMapper sub-classed as XmlMapper).

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-3720
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1328427 - CVE-2016-3720 jackson-dataformat-xml: XmlMapper is vulnerable to XXE attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1328427
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update jackson-dataformat-xml' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list