Security update for dom4j SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2931-1 Final 1 1 2018-09-28T05:45:36Z current 2018-09-28T05:45:36Z 2018-09-28T05:45:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dom4j This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00083.html E-Mail link for openSUSE-SU-2018:2931-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 dom4j-1.6.1-31.3.2 dom4j-demo-1.6.1-31.3.2 dom4j-javadoc-1.6.1-31.3.2 dom4j-manual-1.6.1-31.3.2 dom4j-1.6.1-31.3.2 as a component of openSUSE Leap 42.3 dom4j-demo-1.6.1-31.3.2 as a component of openSUSE Leap 42.3 dom4j-javadoc-1.6.1-31.3.2 as a component of openSUSE Leap 42.3 dom4j-manual-1.6.1-31.3.2 as a component of openSUSE Leap 42.3 dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. CVE-2018-1000632 openSUSE Leap 42.3:dom4j-1.6.1-31.3.2 openSUSE Leap 42.3:dom4j-demo-1.6.1-31.3.2 openSUSE Leap 42.3:dom4j-javadoc-1.6.1-31.3.2 openSUSE Leap 42.3:dom4j-manual-1.6.1-31.3.2 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00083.html https://www.suse.com/security/cve/CVE-2018-1000632.html CVE-2018-1000632 https://bugzilla.suse.com/1105443 SUSE Bug 1105443