[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3199-1] xerces-c security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3199-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 20, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xerces-c
CVE ID         : CVE-2015-0252
Debian Bug     : 780827

Anton Rager and Jonathan Brossard from the Salesforce.com Product
Security Team and Ben Laurie of Google discovered a denial of service
vulnerability in xerces-c, a validating XML parser library for C++. The
parser mishandles certain kinds of malformed input documents, resulting
in a segmentation fault during a parse operation. An unauthenticated
attacker could use this flaw to cause an application using the
xerces-c library to crash.

For the stable distribution (wheezy), this problem has been fixed in
version 3.1.1-3+deb7u1.

We recommend that you upgrade your xerces-c packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVDGiSAAoJEAVMuPMTQ89EDVYP/2/J73RRNB/q9JUGnxW5jGKU
Xv+Qns5Fy7aSMY5U68xBxu6bKyooeH7ntFZLJ4kgkfzausKj9TwjFc/nNPEEPtYW
QapJwCLGLcbdaYC2v/aD7eb8eeWp5ju8hOhBkjjUoawaSmWSNHx0FeCVaCqo5uvQ
1g5FFAia7/8MJ7Ngp2msOdxTWv2h1RSRxdEh6TBCA41iwGHB6YjN8ACZxH6MLzmd
m0ttpS+uk2eGTujyoB0FgipASEEwDwGRg+JnYHUjj0NhhIKwK9lmnxg5h/Nen5q2
OWo/Xyspc4DnZYZDRu2bqu7zSPKouyyc1IbDXIp+sWuPQX74BscmmK4TNGQjCrnZ
87/SwzZnqoGhzLA5lrpa8o6jfBFz9li8KE+IPkldIEdr2jdf5nqqSv5ZBEUEBqmN
W/KvK1bAAJrZd1lYdtViiYNhpEH6EkLAxde9aShVGQyFTZTBGyrTpK/L3C6OGBd2
3DdN6DZsZOsk5udg78jhd8w6rYnRwbilIkUDE6pwcgSgmkHbzdJHhXGHaOfVgVCi
uQ4Q9Ck5hsjTVTtsqkaO+8Xgqrpyb/NYrs8wRqySKqQyr3iuJUvv49UsQWJvwGfF
Z9E4kBnuPVILpX8TkYEgDRCex+nxNoAcBVK+IJWQt5mYjEFi5QHeRtbG2CemZ45M
XpEHKaBq4axzUk3hMBdK
=Pf/K
-----END PGP SIGNATURE-----


Reply to: