Security update for jakarta-taglibs-standard SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:1568-1 Final 1 1 2017-06-14T16:25:46Z current 2017-06-14T16:25:46Z 2017-06-14T16:25:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for jakarta-taglibs-standard This update for jakarta-taglibs-standard fixes the following issues: - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-RPI-12-SP2-2017-963,SUSE-SLE-SERVER-12-SP2-2017-963 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20171568-1/ Link for SUSE-SU-2017:1568-1 https://lists.suse.com/pipermail/sle-security-updates/2017-June/002943.html E-Mail link for SUSE-SU-2017:1568-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/920813 SUSE Bug 920813 https://www.suse.com/security/cve/CVE-2015-0254/ SUSE CVE CVE-2015-0254 page SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 jakarta-taglibs-standard-1.1.1-255.2 jakarta-taglibs-standard-javadoc-1.1.1-255.2 jakarta-taglibs-standard-1.1.1-255.2 as a component of SUSE Linux Enterprise Server 12 SP2 jakarta-taglibs-standard-javadoc-1.1.1-255.2 as a component of SUSE Linux Enterprise Server 12 SP2 jakarta-taglibs-standard-1.1.1-255.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 jakarta-taglibs-standard-javadoc-1.1.1-255.2 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 jakarta-taglibs-standard-1.1.1-255.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 jakarta-taglibs-standard-javadoc-1.1.1-255.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. CVE-2015-0254 SUSE Linux Enterprise Server 12 SP2:jakarta-taglibs-standard-1.1.1-255.2 SUSE Linux Enterprise Server 12 SP2:jakarta-taglibs-standard-javadoc-1.1.1-255.2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:jakarta-taglibs-standard-1.1.1-255.2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:jakarta-taglibs-standard-javadoc-1.1.1-255.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:jakarta-taglibs-standard-1.1.1-255.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:jakarta-taglibs-standard-javadoc-1.1.1-255.2 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171568-1/ https://www.suse.com/security/cve/CVE-2015-0254.html CVE-2015-0254 https://bugzilla.suse.com/920813 SUSE Bug 920813