1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3199-1] xerces-c security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Mar 20 19:40:01 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3199-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso
    March 20, 2015 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xerces-c
    CVE ID : CVE-2015-0252
    Debian Bug : 780827

    Anton Rager and Jonathan Brossard from the Salesforce.com Product
    Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The
    parser mishandles certain kinds of malformed input documents, resulting
    in a segmentation fault during a parse operation. An unauthenticated
    attacker could use this flaw to cause an application using the
    xerces-c library to crash.

    For the stable distribution (wheezy), this problem has been fixed in
    version 3.1.1-3+deb7u1.

    We recommend that you upgrade your xerces-c packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJVDGiSAAoJEAVMuPMTQ89EDVYP/2/J73RRNB/q9JUGnxW5jGKU Xv+Qns5Fy7aSMY5U68xBxu6bKyooeH7ntFZLJ4kgkfzausKj9TwjFc/nNPEEPtYW QapJwCLGLcbdaYC2v/aD7eb8eeWp5ju8hOhBkjjUoawaSmWSNHx0FeCVaCqo5uvQ 1g5FFAia7/8MJ7Ngp2msOdxTWv2h1RSRxdEh6TBCA41iwGHB6YjN8ACZxH6MLzmd m0ttpS+uk2eGTujyoB0FgipASEEwDwGRg+JnYHUjj0NhhIKwK9lmnxg5h/Nen5q2 OWo/Xyspc4DnZYZDRu2bqu7zSPKouyyc1IbDXIp+sWuPQX74BscmmK4TNGQjCrnZ 87/SwzZnqoGhzLA5lrpa8o6jfBFz9li8KE+IPkldIEdr2jdf5nqqSv5ZBEUEBqmN W/KvK1bAAJrZd1lYdtViiYNhpEH6EkLAxde9aShVGQyFTZTBGyrTpK/L3C6OGBd2 3DdN6DZsZOsk5udg78jhd8w6rYnRwbilIkUDE6pwcgSgmkHbzdJHhXGHaOfVgVCi uQ4Q9Ck5hsjTVTtsqkaO+8Xgqrpyb/NYrs8wRqySKqQyr3iuJUvv49UsQWJvwGfF Z9E4kBnuPVILpX8TkYEgDRCex+nxNoAcBVK+IJWQt5mYjEFi5QHeRtbG2CemZ45M XpEHKaBq4axzUk3hMBdK
    =Pf/K
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)