Package name
xerces-c
Date
2009-12-04
Advisory ID
MDVSA-2009:223-1
Affected versions
2008.0 i586, 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in xerces-c:

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in
Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to
cause a denial of service (application crash) via vectors involving
nested parentheses and invalid byte values in simply nested DTD
structures, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-1885).

This update provides a solution to this vulnerability.
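
As an added illustration (not code from this advisory or from Apache Xerces-C++, and not the upstream fix), the following pre-parse guard scans DTD text without recursion and rejects content models that nest parentheses beyond a limit or contain control bytes that XML 1.0 does not allow. The names `checkDtd` and `DtdGuardResult` and the limit of 64 are assumptions; comments and parameter entities are not interpreted, so it complements the updated packages rather than replacing them.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Result of the pre-parse scan (hypothetical type, not part of Xerces-C++).
struct DtdGuardResult {
    std::size_t maxDepth = 0;  // deepest '(' nesting seen in any <!ELEMENT ...>
    bool invalidByte = false;  // control byte not allowed in XML 1.0
    bool unbalanced = false;   // stray ')' or declaration closed while open
    bool accepted = false;     // true only if every check passed
};

// Iterative scan: the guard itself uses constant stack regardless of input.
DtdGuardResult checkDtd(const std::string& dtd, std::size_t limit) {
    DtdGuardResult r;
    const std::string kElem = "<!ELEMENT";
    bool inElement = false;
    std::size_t depth = 0;
    for (std::size_t i = 0; i < dtd.size(); ++i) {
        const unsigned char c = static_cast<unsigned char>(dtd[i]);
        // XML 1.0 permits only TAB, LF and CR below 0x20.
        if (c < 0x20 && c != '\t' && c != '\n' && c != '\r') r.invalidByte = true;
        if (!inElement) {
            if (dtd.compare(i, kElem.size(), kElem) == 0) {
                inElement = true;
                depth = 0;
                i += kElem.size() - 1;  // skip past the keyword
            }
            continue;
        }
        if (c == '(') {
            if (++depth > r.maxDepth) r.maxDepth = depth;
        } else if (c == ')') {
            if (depth == 0) r.unbalanced = true; else --depth;
        } else if (c == '>') {  // end of this element declaration
            if (depth != 0) r.unbalanced = true;
            inElement = false;
        }
    }
    if (inElement) r.unbalanced = true;
    r.accepted = !r.invalidByte && !r.unbalanced && r.maxDepth <= limit;
    return r;
}

int main() {
    // Constructed sample, not taken from the advisory.
    DtdGuardResult r = checkDtd("<!ELEMENT book (title, (chapter | appendix)+)>", 64);
    std::printf("depth=%zu accepted=%d\n", r.maxDepth, r.accepted ? 1 : 0);
    return 0;
}
```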

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Updated packages

2008.0 i586

 72383b750cd16274f52f35049b3a5e47  2008.0/i586/libxerces-c0-2.7.0-5.1mdv2008.0.i586.rpm
 e9d2b47d1fb94e748f0e4a2cb9e95e46  2008.0/i586/libxerces-c0-devel-2.7.0-5.1mdv2008.0.i586.rpm
 7d5369e7a62d47aaab0363f24ca05775  2008.0/i586/xerces-c-doc-2.7.0-5.1mdv2008.0.i586.rpm 
 a98ebaaa3a3243fa337eb37de135e918  2008.0/SRPMS/xerces-c-2.7.0-5.1mdv2008.0.src.rpm

2008.0 x86_64

 9ee8f7ee2778a4c2ece40416df246be9  2008.0/x86_64/lib64xerces-c0-2.7.0-5.1mdv2008.0.x86_64.rpm
 38c61e60b68009bcd740e1f3a6d6c0ab  2008.0/x86_64/lib64xerces-c0-devel-2.7.0-5.1mdv2008.0.x86_64.rpm
 7e9bd01041e3548333c1750825a1a469  2008.0/x86_64/xerces-c-doc-2.7.0-5.1mdv2008.0.x86_64.rpm 
 a98ebaaa3a3243fa337eb37de135e918  2008.0/SRPMS/xerces-c-2.7.0-5.1mdv2008.0.src.rpm

References