Security: Denial of Service in xerces-c
Name: Denial of Service in xerces-c
ID: DSA-3610-1
Distribution: Debian
Platforms: Debian jessie
Date: Wed, June 29, 2016, 23:24
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4463
Applications: Xerces-C++
Original message
-------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 29, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xerces-c
CVE ID         : CVE-2016-4463
Debian Bug     : 828990
Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library.
Additionally this update includes an enhancement to enable applications to fully disable DTD processing through the use of an environment variable (XERCES_DISABLE_DTD).
For the stable distribution (jessie), this problem has been fixed in version 3.1.1-5.1+deb8u3.
We recommend that you upgrade your xerces-c packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
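A host-side follow-up to the advisory above, as an added example that is not part of the original message or of Debian's tooling: it lists running processes that map the xerces-c shared library, whether they were started with XERCES_DISABLE_DTD in their environment, and whether they still run a library copy that has since been replaced on disk. Matching the library by the substring `libxerces-c` and the function names are assumptions; statically linked programs are not detected.

```python
import os

LIB_MARKER = "libxerces-c"        # assumption: substring of the shared object's file name
ENV_NAME = b"XERCES_DISABLE_DTD"  # variable named in the advisory


def read_bytes(path):
    """Return file contents, or None if the process exited or access is denied."""
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return None


def audit(proc_root="/proc"):
    """List processes that map xerces-c and whether they were started with ENV_NAME."""
    findings = []
    pids = sorted((e for e in os.listdir(proc_root) if e.isdigit()), key=int)
    for pid in pids:
        maps = read_bytes(os.path.join(proc_root, pid, "maps"))
        if maps is None:
            continue
        # Field 6 of a maps line is the backing file; anonymous mappings have none.
        paths = set()
        for line in maps.decode(errors="replace").splitlines():
            fields = line.split(None, 5)
            if len(fields) == 6 and LIB_MARKER in fields[5]:
                paths.add(fields[5])
        if not paths:
            continue
        env = read_bytes(os.path.join(proc_root, pid, "environ"))
        # environ holds the environment from exec time only; None means unreadable.
        disabled = None if env is None else any(
            kv.split(b"=", 1)[0] == ENV_NAME for kv in env.split(b"\0"))
        findings.append({
            "pid": int(pid),
            "dtd_disabled": disabled,
            # "(deleted)" means the file was replaced on disk, for example by a
            # package upgrade, and the process still runs the old copy.
            "stale_library": any(p.endswith("(deleted)") for p in paths),
        })
    return findings


if __name__ == "__main__":
    for f in audit():
        print(f)
```

Run it as root so that other users' `maps` and `environ` files are readable; a process flagged `stale_library` needs a restart before the upgraded package takes effect for it.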