Package name
xerces-j2
Date
2011-06-13
Advisory ID
MDVSA-2011:108
Affected versions
2009.0 x86_64 , MES5 i586 , 2010.1 i586 , 2009.0 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability was discovered and corrected in xerces-j2:

Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE)
in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update
20, and in other products, allows remote attackers to cause a denial
of service (infinite loop and application hang) via malformed XML
input, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2625).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 cf0fe4b70ed214ea14b466edf8981edb  2009.0/x86_64/xerces-j2-2.9.0-9.1mdv2009.0.x86_64.rpm
 5e4b68b38f554355d423838f991cf642  2009.0/x86_64/xerces-j2-demo-2.9.0-9.1mdv2009.0.x86_64.rpm
 f81effc463e3da1f758b5f2b578956fd  2009.0/x86_64/xerces-j2-javadoc-apis-2.9.0-9.1mdv2009.0.x86_64.rpm
 c0483b80fb2b2ec4e72113c0440ae795  2009.0/x86_64/xerces-j2-javadoc-impl-2.9.0-9.1mdv2009.0.x86_64.rpm
 48df56989967e0594d38d43c6c880a1f  2009.0/x86_64/xerces-j2-javadoc-other-2.9.0-9.1mdv2009.0.x86_64.rpm
 c2767225bb3a6017ca0e9e3b23ab70f6  2009.0/x86_64/xerces-j2-javadoc-xni-2.9.0-9.1mdv2009.0.x86_64.rpm
 f94f0123950744968da229f46d592770  2009.0/x86_64/xerces-j2-scripts-2.9.0-9.1mdv2009.0.x86_64.rpm 
 ddf57cd31d55064c33889faf9e9f74b8  2009.0/SRPMS/xerces-j2-2.9.0-9.1mdv2009.0.src.rpm

MES5 i586

 2d77d8eee7520a75d32006b0a6593b9a  mes5/i586/xerces-j2-2.9.0-9.1mdvmes5.2.i586.rpm
 498fa9165c65a49a91c2f554412ba08d  mes5/i586/xerces-j2-demo-2.9.0-9.1mdvmes5.2.i586.rpm
 1355593b2b99758401b7402fe4665c14  mes5/i586/xerces-j2-javadoc-apis-2.9.0-9.1mdvmes5.2.i586.rpm
 024c4cc368b002a3c8e5e2093b71e3ff  mes5/i586/xerces-j2-javadoc-impl-2.9.0-9.1mdvmes5.2.i586.rpm
 a35340802b118ca125976d040dbef05a  mes5/i586/xerces-j2-javadoc-other-2.9.0-9.1mdvmes5.2.i586.rpm
 05d9e1cae5c2ea4d36f6947efc351769  mes5/i586/xerces-j2-javadoc-xni-2.9.0-9.1mdvmes5.2.i586.rpm
 f461ae2ab3e94c21961a1e1b848576a4  mes5/i586/xerces-j2-scripts-2.9.0-9.1mdvmes5.2.i586.rpm 
 a9991784656b7edd311cfbf57f27295c  mes5/SRPMS/xerces-j2-2.9.0-9.1mdvmes5.2.src.rpm

2010.1 i586

 e5ad74cbbc7031d129612b6c295314f6  2010.1/i586/xerces-j2-2.9.0-12.1mdv2010.2.i586.rpm
 36f1d2dc0ad0eaf65f3caf681a786b1c  2010.1/i586/xerces-j2-demo-2.9.0-12.1mdv2010.2.i586.rpm
 8d3011a0fa4096193fc3a9b55f48cb62  2010.1/i586/xerces-j2-javadoc-apis-2.9.0-12.1mdv2010.2.i586.rpm
 21959c92a02a399eaedc680ba94a852b  2010.1/i586/xerces-j2-javadoc-impl-2.9.0-12.1mdv2010.2.i586.rpm
 a3bf0c3fea849df6c75549b92bb2fc69  2010.1/i586/xerces-j2-javadoc-other-2.9.0-12.1mdv2010.2.i586.rpm
 38736a69978ea27e8c86697b605de2bb  2010.1/i586/xerces-j2-javadoc-xni-2.9.0-12.1mdv2010.2.i586.rpm
 71eb274ae0b1e3b8d311c825c07c583d  2010.1/i586/xerces-j2-scripts-2.9.0-12.1mdv2010.2.i586.rpm 
 aa76ab8c436a2deea87042e948ee9b87  2010.1/SRPMS/xerces-j2-2.9.0-12.1mdv2010.2.src.rpm

2009.0 i586

 37cb066faf70adc13f94dde20a432baa  2009.0/i586/xerces-j2-2.9.0-9.1mdv2009.0.i586.rpm
 d4eae4a3c3598d4a8aa937e06a666a4c  2009.0/i586/xerces-j2-demo-2.9.0-9.1mdv2009.0.i586.rpm
 726068ab70043a5ffec264a74584bbd1  2009.0/i586/xerces-j2-javadoc-apis-2.9.0-9.1mdv2009.0.i586.rpm
 ebea985ed82f10cba85c7dc63ebe3292  2009.0/i586/xerces-j2-javadoc-impl-2.9.0-9.1mdv2009.0.i586.rpm
 88990006a3d52f94bf1d92cba4974dfd  2009.0/i586/xerces-j2-javadoc-other-2.9.0-9.1mdv2009.0.i586.rpm
 c43bddc774e3740943a09ec7c944c90d  2009.0/i586/xerces-j2-javadoc-xni-2.9.0-9.1mdv2009.0.i586.rpm
 45259a83b9e785c45c36ad3af81e7c1a  2009.0/i586/xerces-j2-scripts-2.9.0-9.1mdv2009.0.i586.rpm 
 ddf57cd31d55064c33889faf9e9f74b8  2009.0/SRPMS/xerces-j2-2.9.0-9.1mdv2009.0.src.rpm

MES5 x86_64

 380c338fa0a80984f1d0086005896b8b  mes5/x86_64/xerces-j2-2.9.0-9.1mdvmes5.2.x86_64.rpm
 815b14cc6277587cd9690aedfb23e52d  mes5/x86_64/xerces-j2-demo-2.9.0-9.1mdvmes5.2.x86_64.rpm
 745dd35db3c5ec94420ba33d31605115  mes5/x86_64/xerces-j2-javadoc-apis-2.9.0-9.1mdvmes5.2.x86_64.rpm
 97f1be73c86d6e1057512840875ebe3d  mes5/x86_64/xerces-j2-javadoc-impl-2.9.0-9.1mdvmes5.2.x86_64.rpm
 3a6f08eb04c7f04dba7bba0af9728fe9  mes5/x86_64/xerces-j2-javadoc-other-2.9.0-9.1mdvmes5.2.x86_64.rpm
 990027b4eeed11ac8689534e2721f789  mes5/x86_64/xerces-j2-javadoc-xni-2.9.0-9.1mdvmes5.2.x86_64.rpm
 a1601357c9d02a3cdc0d884c641fa207  mes5/x86_64/xerces-j2-scripts-2.9.0-9.1mdvmes5.2.x86_64.rpm 
 a9991784656b7edd311cfbf57f27295c  mes5/SRPMS/xerces-j2-2.9.0-9.1mdvmes5.2.src.rpm

2010.1 x86_64

 b10c8ed786180fcc564c913e81407d39  2010.1/x86_64/xerces-j2-2.9.0-12.1mdv2010.2.x86_64.rpm
 ddee966d3283e3ee881de32045705844  2010.1/x86_64/xerces-j2-demo-2.9.0-12.1mdv2010.2.x86_64.rpm
 10faa110174a57e84b917df59d7354d9  2010.1/x86_64/xerces-j2-javadoc-apis-2.9.0-12.1mdv2010.2.x86_64.rpm
 f337e9478e4e7981b8fc5711bce6c374  2010.1/x86_64/xerces-j2-javadoc-impl-2.9.0-12.1mdv2010.2.x86_64.rpm
 853857a2fa3423bfe570683130a04a30  2010.1/x86_64/xerces-j2-javadoc-other-2.9.0-12.1mdv2010.2.x86_64.rpm
 464aa2803e1d2c6379ab1c4efde16458  2010.1/x86_64/xerces-j2-javadoc-xni-2.9.0-12.1mdv2010.2.x86_64.rpm
 753a920e14066f0947e86eb3c58dc3b0  2010.1/x86_64/xerces-j2-scripts-2.9.0-12.1mdv2010.2.x86_64.rpm 
 aa76ab8c436a2deea87042e948ee9b87  2010.1/SRPMS/xerces-j2-2.9.0-12.1mdv2010.2.src.rpm

References