1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3493-1] xerces-c security update

    From Salvatore Bonaccorso@1:229/2 to All on Thu Feb 25 17:10:03 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3493-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 25, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xerces-c
    CVE ID : CVE-2016-0729
    Debian Bug : 815907

    Gustavo Grieco discovered that xerces-c, a validating XML parser library
    for C++, mishandles certain kinds of malformed input documents,
    resulting in buffer overflows during processing and error reporting.
    These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 3.1.1-3+deb7u2.

    For the stable distribution (jessie), this problem has been fixed in
    version 3.1.1-5.1+deb8u1.

    We recommend that you upgrade your xerces-c packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJWzySQAAoJEAVMuPMTQ89EcvMP/3rigLRWRzgO3Lxyxvfpj+Gi Xy5kq4DwlPrl7MR4C5lV2Wi9pTzk4SOnTbjDe9vl5w8RF+RPirYD1p5miRAZcRn/ 5dHY+q7R3RLEPbctdeM2pP2XE9VwDzhZKpZP/TewbL5gxJyjtpCZBhvWOxgkJTB2 LnZdG/LAqIswU3fbWui0QTn4I1nB9M94QYsf4tv7908wT1fZVn4LSMSsic0Uwa/G y7ski8Kot2IQYCYUMDtddtRSm3s45bS4Z5NM6KMrga63XjpxUzl/tZ2wfn4jB0oD za/PYLIHr0tW2xBqzmtuK6c+DwrDqNhn1GlBYUmphq0iPCR26nz3j/zjibmebhMd uoQflO8zNaw2NixyvfjSBAgpeJGYAHD7QLCyBqs6lvdt5hyFvamkRkpBejASIRWk hhwJ0uF/BhgjMylwl79DvMuUD/+YuMzAhcuvJ0iN4+upqAhMqlbq/f76eianvOEZ NiWj+N1UT0BMG1oVnswl5PziBPXf9ux31V5OUZn8UUKysQBSpWGKYmaIIVSbzj6y YRkulxEKlZIICc+i6rVY/W7/c0MnQ56/2t0SYoKHYVAlX2pqMn1rBDqCfKHMba3p BnvPF8VO9Kpykv/xkXYkaF+V2RrAN22Ju6c5T67SS7raIaL7SJ/FuNuZ4s9IGhIQ exUPEo22+MI9Uw/NVTv4
    =X3xz
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)