drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in xerces-c
Name: |
Ausführen beliebiger Kommandos in xerces-c |
|
ID: |
DSA-3579-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie, Debian stretch |
|
Datum: |
Mo, 16. Mai 2016, 11:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2099 |
|
Applikationen: |
Xerces-C++ |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3579-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : xerces-c CVE ID : CVE-2016-2099 Debian Bug : 823863
Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.
For the stable distribution (jessie), this problem has been fixed in version 3.1.1-5.1+deb8u2.
For the testing distribution (stretch), this problem has been fixed in version 3.1.3+debian-2.
For the unstable distribution (sid), this problem has been fixed in version 3.1.3+debian-2.
We recommend that you upgrade your xerces-c packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJXOW7JAAoJEAVMuPMTQ89Er9cP/iDY5XCVg4IgAwaogj7wgE7m sG6Bz7ZnUqil7Z9PXawCuxbV4kEsJbfRbz/+RntMfAKMidRttMj5wE8pgAkQwpkM ZxeA2hdNwC2n02s7jQNb2wIzNZT8VXUcslQEHIU+9r+zybUl+w8UolEz3quKaBiw pUW3R17ZTY0S7w5BZ34r4DSvRY4zk4+J94fKgsBgYlCX6E/ZCOYlMS61/ubzSHCh I6DLlBBu/cGJsCdfR0YvQuL63xhH+bCAd28IcS3MVQHG1xTu55J1hQ2M+cepzNi0 R7FhrrRmdfh62MKynZ+LXXsSlaP8254zJEdCaJXE8U0/gB2WKOw7mMcgArFBlBQx IytcZPiEHgEVBfRa/EJJnTXXtVoVr0Fv/7aOHRJIw9rAhpTL1b+FcudEWUgSAsaI OOn+nVNlG/BbvfVtFmukXGZ+M5jQI/Y5kRZrCZqYE2MqDRhP+b27t84tYD3TMo++ 0dWYNrjfVAvsBgJlo52+TyrMX4ndD++IE6JHchPe+v6IAQyWX79N8UkmrZxCfKKo KwiuLp+Jlss/+cnP+aJYp0SJlOfAg79rGJ98/97hrHrQSrtPmfvn6/trUr7xONXl MF7Jnanh/LoryxBoYL1vlxIEFhu6Rc/fzG7yAO58kw4fnKi2OwfnkaYsMYxHFE3o rirTluoIjCgkrmMSoAXS =D1tG -----END PGP SIGNATURE-----
|
|
|
|