1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3610-1] xerces-c security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Jun 29 22:20:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3610-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    June 29, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xerces-c
    CVE ID : CVE-2016-4463
    Debian Bug : 828990

    Brandon Perry discovered that xerces-c, a validating XML parser library
    for C++, fails to successfully parse a DTD that is deeply nested,
    causing a stack overflow. A remote unauthenticated attacker can take
    advantage of this flaw to cause a denial of service against applications
    using the xerces-c library.

    Additionally this update includes an enhancement to enable applications
    to fully disable DTD processing through the use of an environment
    variable (XERCES_DISABLE_DTD).

    For the stable distribution (jessie), this problem has been fixed in
    version 3.1.1-5.1+deb8u3.

    We recommend that you upgrade your xerces-c packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJXdCslAAoJEAVMuPMTQ89EBXUP/1wAze1hP0PcbqqkMsBDevp4 N/+3a8ZYpq4XmcjDcZYVKwekYABJtOWnHTg/7h23dCyJUDjd28atk+DkiOtqbG19 5+SpnRnLAiRj6+2Ua8Bf7dh+ZyO3EoMMyQ0QVByADaRP/N4BIdYtImjDJcBCNyZd 2zwWhAEiIB55u30GAhvDCWsGwN5ucngOsjBI32MzKDGoYGM5gH1igTMz+21O0j7J 411BuZynQK/ZFOaQNnNRQh5Ne1ULCWHFlZOdaLv3Zietdtm9XrVaJZ6NnwK9HYvR UTXXVj5JpJR0XOS85fmYogpjoL2aUUao8zVeGRPlSeg2rPg7IjS/fQXWAWjBVpt8 xkDMiPOo+ED+MNNGPSrsMdncNoD8PhdOGjOwhyHHD3e2wDq3p+6WoVRDU/pTLAc0 eNmMwcvbjugxzEhXMInTtRu9D++X65H/dVWoH/UWw9bMoQfz810+8AUBrc3Tgj3F roFdmhvl2GJtoLtPYc9fIMuORuxe4cejMshhAweUJd0dZhtjQhQUj8jfeBSSaRJs ova3BXgiegGbpl4liT2ds6ZUucJg9mZFSoRwEnZk3iXiBFM0G42BU8kajx6r+XWb 5N89ltkPa+QaRknhAGOcQGKZOtchYo4vb2jsryU99C2g1XZv81wrmqUnsdwbCSD5 2X7QhWMcTqpGgfm605x7
    =6vFH
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)