| Revision Date: | 2021-03-01 | Version: | 1 |
| Title: | Security update for perl-XML-Twig (Moderate) |
| Description: |
This update for perl-XML-Twig fixes the following issues:
- Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1008644
CVE-2016-9180
SUSE-SU-2020:2173-2
|
| Platform(s): | SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
| Definition Synopsis |
| SUSE OpenStack Cloud Crowbar 8 is installed AND perl-XML-Twig-3.44-5.3.1 is installed
|