[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 181-1] xerces-c security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : xerces-c
Version        : 3.1.1-1+deb6u1
CVE ID         : CVE-2015-0252
Debian Bug     : 780827

Anton Rager and Jonathan Brossard from the Salesforce.com Product
Security Team and Ben Laurie of Google discovered a denial of service
vulnerability in xerces-c, a validating XML parser library for C++. The
parser mishandles certain kinds of malformed input documents, resulting
in a segmentation fault during a parse operation. An unauthenticated
attacker could use this flaw to cause an application using the
xerces-c library to crash.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVFchQXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHWlgP/1rVr2Q3Ee36UvQBhk+wziQE
OUBlpKZZS62JgoZvORNhUiO1tSQ3iME3txhhFWbtWjVSjKI9hLcpIkADNrn7GYQd
bb4FEIm83p8SNnPCEWmFgi9bcSp+hDocKtCZjpW9hzd3poebssqXQRmUpK1TBgNs
yH2YnUTdeP/goVK/lAPDHnO7U0cNvaoY47ppaOCMc5toAQrYh0EEWlwkgAUjHi5p
0x2/5DAoM18eB0Y8zxBDAzVGJoHXJ3P/mhmp3G2zqe7KYR7Dgl3r1GS5n0J4kjF8
0/afLgPlVJyBl/JBvZ8IIY5fr3zes1N5bV2ovRbE6xrRPA78uPhM06rJ4PlhHWtC
qfR6lGKFEtuKn4D1z+y3VgAuF/hhlWdFYscnrFQF5URLzv/jsBvproSgKWtJwxWG
5fEuxdEAFFn6gtXw45+6XTOEhZenOz+E2z8KjeCFdQQ7tFnp/vJxuRQwKvtj6uIe
jlYWvUW2moqTvG51akyOnWoqTqwIr3aCPtfJKfBcKH+Oy9u9MLyRJMgF/amFtIPw
XXqMfdAj941Bg4X+gFCePdkiJQz84QDHKiVxgiHJdGL9zPuLHvnGS2nhZCRdQkLP
9dhVcviyfF89UyLuQoVHeiskCyTVqJXMJI/2wW+n8+JkYuCWI/0o5utpm3369tbB
ZY07vIrvosSkvPsxlTuJ
=isfB
-----END PGP SIGNATURE-----


Reply to: