• [SECURITY] [DSA 2717-1] xml-security-c security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Jun 28 17:20:03 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2717-1                   [email protected]
    http://www.debian.org/security/                      Salvatore Bonaccorso
    June 28, 2013                          http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xml-security-c
    Vulnerability : heap overflow
    Problem type : local (remote)
    Debian-specific: no
    CVE ID : CVE-2013-2210
    Debian Bug : 714241

    Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in
    xml-security-c, an implementation of the XML Digital Security
    specification. The fix to address CVE-2013-2154 introduced the
    possibility of a heap overflow in the processing of malformed XPointer
    expressions in the XML Signature Reference processing code, possibly
    leading to arbitrary code execution.

    For the oldstable distribution (squeeze), this problem has been fixed in
    version 1.5.1-3+squeeze3.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1.6.1-5+deb7u2.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.6.1-7.

    We recommend that you upgrade your xml-security-c packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    -----END PGP SIGNATURE-----
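
The check below is an added example, not part of the advisory: it tests an installed xml-security-c version string against the fixed versions listed above, using a hand-written implementation of Debian version ordering so that it runs without dpkg. The function names and the sample versions in the demo are assumptions made for illustration; on a Debian host, `dpkg --compare-versions` is the authoritative comparison.

```python
import re

# Fixed versions listed in DSA-2717-1, keyed by Debian release.
FIXED = {"squeeze": "1.5.1-3+squeeze3", "wheezy": "1.6.1-5+deb7u2", "sid": "1.6.1-7"}

def _order(c):
    # Weight of one character in a non-digit run: '~' sorts before
    # everything (even end of string), letters sort before non-letters.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare two upstream or revision strings by alternating
    # non-digit runs (weighted) and digit runs (numeric).
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        ka, kb = [_order(c) for c in na] + [0], [_order(c) for c in nb] + [0]
        if ka != kb:
            return -1 if ka < kb else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is empty.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(v1, v2):
    # Returns -1, 0 or 1 as v1 is older than, equal to or newer than v2.
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(release, installed):
    # True when the installed version predates the fix for that release.
    return compare(installed, FIXED[release]) < 0

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for rel, ver in [("squeeze", "1.5.1-3+squeeze2"), ("wheezy", "1.6.1-5+deb7u2")]:
        print(rel, ver, "needs update" if needs_update(rel, ver) else "ok")
```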

