Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3493-1] xerces-c security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3493-1] xerces-c security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3493-1] xerces-c security update
  • Date: Thu, 25 Feb 2016 15:59:04 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 25 Feb 2016 15:59:20 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <t7Zb001TdSL.A.zQE.YTyzWB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3493-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 25, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xerces-c
CVE ID : CVE-2016-0729
Debian Bug : 815907

Gustavo Grieco discovered that xerces-c, a validating XML parser library
for C++, mishandles certain kinds of malformed input documents,
resulting in buffer overflows during processing and error reporting.
These flaws could lead to a denial of service in applications using the
xerces-c library, or potentially, to the execution of arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed
in version 3.1.1-3+deb7u2.

For the stable distribution (jessie), this problem has been fixed in
version 3.1.1-5.1+deb8u1.

We recommend that you upgrade your xerces-c packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWzySQAAoJEAVMuPMTQ89EcvMP/3rigLRWRzgO3Lxyxvfpj+Gi
Xy5kq4DwlPrl7MR4C5lV2Wi9pTzk4SOnTbjDe9vl5w8RF+RPirYD1p5miRAZcRn/
5dHY+q7R3RLEPbctdeM2pP2XE9VwDzhZKpZP/TewbL5gxJyjtpCZBhvWOxgkJTB2
LnZdG/LAqIswU3fbWui0QTn4I1nB9M94QYsf4tv7908wT1fZVn4LSMSsic0Uwa/G
y7ski8Kot2IQYCYUMDtddtRSm3s45bS4Z5NM6KMrga63XjpxUzl/tZ2wfn4jB0oD
za/PYLIHr0tW2xBqzmtuK6c+DwrDqNhn1GlBYUmphq0iPCR26nz3j/zjibmebhMd
uoQflO8zNaw2NixyvfjSBAgpeJGYAHD7QLCyBqs6lvdt5hyFvamkRkpBejASIRWk
hhwJ0uF/BhgjMylwl79DvMuUD/+YuMzAhcuvJ0iN4+upqAhMqlbq/f76eianvOEZ
NiWj+N1UT0BMG1oVnswl5PziBPXf9ux31V5OUZn8UUKysQBSpWGKYmaIIVSbzj6y
YRkulxEKlZIICc+i6rVY/W7/c0MnQ56/2t0SYoKHYVAlX2pqMn1rBDqCfKHMba3p
BnvPF8VO9Kpykv/xkXYkaF+V2RrAN22Ju6c5T67SS7raIaL7SJ/FuNuZ4s9IGhIQ
exUPEo22+MI9Uw/NVTv4
=X3xz
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 3493-1] xerces-c security update, Salvatore Bonaccorso, 25.02.2016

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang