SCIENTIFIC-LINUX-ERRATA Archives

April 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Tue, 1 Apr 2014 19:33:53 +0000

Synopsis:          Important: xalan-j2 security update
Advisory ID:       SLSA-2014:0348-1
Issue Date:        2014-04-01
CVE Numbers:       CVE-2014-0107
--

It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features. A
remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses
Xalan-Java. (CVE-2014-0107)
--

SL5
  x86_64
    xalan-j2-2.7.0-6jpp.2.x86_64.rpm
    xalan-j2-debuginfo-2.7.0-6jpp.2.x86_64.rpm
    xalan-j2-manual-2.7.0-6jpp.2.x86_64.rpm
    xalan-j2-xsltc-2.7.0-6jpp.2.x86_64.rpm
    xalan-j2-demo-2.7.0-6jpp.2.x86_64.rpm
    xalan-j2-javadoc-2.7.0-6jpp.2.x86_64.rpm
  i386
    xalan-j2-2.7.0-6jpp.2.i386.rpm
    xalan-j2-debuginfo-2.7.0-6jpp.2.i386.rpm
    xalan-j2-manual-2.7.0-6jpp.2.i386.rpm
    xalan-j2-xsltc-2.7.0-6jpp.2.i386.rpm
    xalan-j2-demo-2.7.0-6jpp.2.i386.rpm
    xalan-j2-javadoc-2.7.0-6jpp.2.i386.rpm
SL6
  noarch
    xalan-j2-2.7.0-9.9.el6_5.noarch.rpm
    xalan-j2-demo-2.7.0-9.9.el6_5.noarch.rpm
    xalan-j2-javadoc-2.7.0-9.9.el6_5.noarch.rpm
    xalan-j2-manual-2.7.0-9.9.el6_5.noarch.rpm
    xalan-j2-xsltc-2.7.0-9.9.el6_5.noarch.rpm

- Scientific Linux Development Team
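
The following is an added example, not part of the advisory or of Scientific Linux tooling: it checks `rpm -qa`-style package names against the fixed builds listed above, using a simplified rpm version comparison. The function names, the `SL5`/`SL6` keys and the sample inventories are assumptions made for illustration; epochs and the `~`/`^` version operators are not handled.

```python
import re

# Fixed version-release per distribution, copied from the advisory's package list.
FIXED = {"SL5": ("2.7.0", "6jpp.2"), "SL6": ("2.7.0", "9.9.el6_5")}
ADVISORY_PACKAGES = {"xalan-j2", "xalan-j2-debuginfo", "xalan-j2-manual",
                     "xalan-j2-xsltc", "xalan-j2-demo", "xalan-j2-javadoc"}
SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm ordering: -1, 0 or 1 (no epoch, '~' or '^' support)."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)                # compare numbers by value
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse_nvra(nvra):
    """Split name-version-release.arch (optional .rpm suffix) into its fields."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def audit(installed, dist):
    """Map each affected package to True if it is at or above the fixed build."""
    fixed_ver, fixed_rel = FIXED[dist]
    result = {}
    for nvra in installed:
        name, ver, rel, _ = parse_nvra(nvra)
        if name not in ADVISORY_PACKAGES:
            continue                             # not covered by this advisory
        order = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
        result[nvra] = order >= 0
    return result

# Constructed sample inventories (not real host data).
SAMPLE_SL6 = ["xalan-j2-2.7.0-9.8.el6.noarch",
              "xalan-j2-xsltc-2.7.0-9.9.el6_5.noarch",
              "bash-4.1.2-15.el6_4.x86_64"]
SAMPLE_SL5 = ["xalan-j2-2.7.0-6jpp.1.x86_64",
              "xalan-j2-manual-2.7.0-6jpp.2.i386.rpm"]

if __name__ == "__main__":
    for dist, sample in (("SL5", SAMPLE_SL5), ("SL6", SAMPLE_SL6)):
        for pkg, ok in audit(sample, dist).items():
            print(dist, pkg, "patched" if ok else "NEEDS UPDATE")
```
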
