Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Denial of Service in xerces-c
Aktuelle Meldungen Distributionen
Name: Denial of Service in xerces-c
ID: DSA-3199-1
Distribution: Debian
Plattformen: Debian wheezy
Datum: Fr, 20. März 2015, 20:28
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0252

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3199-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
March 20, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xerces-c
CVE ID : CVE-2015-0252
Debian Bug : 780827

Anton Rager and Jonathan Brossard from the Salesforce.com Product
Security Team and Ben Laurie of Google discovered a denial of service
vulnerability in xerces-c, a validating XML parser library for C++. The
parser mishandles certain kinds of malformed input documents, resulting
in a segmentation fault during a parse operation. An unauthenticated
attacker could use this flaw to cause an application using the
xerces-c library to crash.

For the stable distribution (wheezy), this problem has been fixed in
version 3.1.1-3+deb7u1.

We recommend that you upgrade your xerces-c packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVDGiSAAoJEAVMuPMTQ89EDVYP/2/J73RRNB/q9JUGnxW5jGKU
Xv+Qns5Fy7aSMY5U68xBxu6bKyooeH7ntFZLJ4kgkfzausKj9TwjFc/nNPEEPtYW
QapJwCLGLcbdaYC2v/aD7eb8eeWp5ju8hOhBkjjUoawaSmWSNHx0FeCVaCqo5uvQ
1g5FFAia7/8MJ7Ngp2msOdxTWv2h1RSRxdEh6TBCA41iwGHB6YjN8ACZxH6MLzmd
m0ttpS+uk2eGTujyoB0FgipASEEwDwGRg+JnYHUjj0NhhIKwK9lmnxg5h/Nen5q2
OWo/Xyspc4DnZYZDRu2bqu7zSPKouyyc1IbDXIp+sWuPQX74BscmmK4TNGQjCrnZ
87/SwzZnqoGhzLA5lrpa8o6jfBFz9li8KE+IPkldIEdr2jdf5nqqSv5ZBEUEBqmN
W/KvK1bAAJrZd1lYdtViiYNhpEH6EkLAxde9aShVGQyFTZTBGyrTpK/L3C6OGBd2
3DdN6DZsZOsk5udg78jhd8w6rYnRwbilIkUDE6pwcgSgmkHbzdJHhXGHaOfVgVCi
uQ4Q9Ck5hsjTVTtsqkaO+8Xgqrpyb/NYrs8wRqySKqQyr3iuJUvv49UsQWJvwGfF
Z9E4kBnuPVILpX8TkYEgDRCex+nxNoAcBVK+IJWQt5mYjEFi5QHeRtbG2CemZ45M
XpEHKaBq4axzUk3hMBdK
=Pf/K
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Archive: https://lists.debian.org/E1YZ1mi-0005Qr-CE@master.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung