The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libjgraphx-java: external XML entity injection

Synthesis of the vulnerability 

An attacker can transmit malicious XML data to libjgraphx-java, in order to read a file, scan sites, or trigger a denial of service.
Impacted software: Debian, Fedora, openSUSE Leap.
Severity of this computer vulnerability: 2/4.
Creation date: 05/03/2018.
Références of this announce: CVE-2017-18197, DLA-1299-1, FEDORA-2018-b268b5bbb5, FEDORA-2018-b3f8bee2e0, openSUSE-SU-2018:0616-1, VIGILANCE-VUL-25426.

Description of the vulnerability 

An attacker can transmit malicious XML data to libjgraphx-java, in order to read a file, scan sites, or trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat alert impacts software or systems such as Debian, Fedora, openSUSE Leap.

Our Vigil@nce team determined that the severity of this weakness announce is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this computer weakness bulletin.

Solutions for this threat 

Debian: new libjgraphx-java packages.
New packages are available:
  Debian 7: libjgraphx-java 1.4.1.0-3+deb7u1

Fedora: new jgraphx packages.
New packages are available:
  Fedora 26: jgraphx 3.6.0.0-3.fc26
  Fedora 27: jgraphx 3.6.0.0-4.fc27

openSUSE Leap 42.3: new jgraphx packages.
New packages are available:
  openSUSE Leap 42.3: jgraphx 3.1.2.1-7.3.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a networks vulnerabilities patch. The Vigil@nce vulnerability database contains several thousand vulnerabilities.