[El-errata] ELSA-2015-1695 Important: Oracle Linux 7 jakarta-taglibs-standard security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Aug 31 08:47:52 PDT 2015
Oracle Linux Security Advisory ELSA-2015-1695
http://linux.oracle.com/errata/ELSA-2015-1695.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
jakarta-taglibs-standard-1.1.2-14.el7_1.noarch.rpm
jakarta-taglibs-standard-javadoc-1.1.2-14.el7_1.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/jakarta-taglibs-standard-1.1.2-14.el7_1.src.rpm
Description of changes:
[0:1.1.2-14]
- Gracefully handle parsers without FSP support (e.g. Java 5 GCJ)
- Resolves: CVE-2015-0254
[0:1.1.2-13]
- Prevent XXE and RCE in JSTL XML tags
- Apply correction for previous CVE-2015-0254 patch (prevent XXE in
<x:transform>)
- Resolves: CVE-2015-0254
[0:1.1.2-12]
- Prevent XXE and RCE in JSTL XML tags
- Resolves: CVE-2015-0254
More information about the El-errata
mailing list