Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3610-1] xerces-c security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3610-1] xerces-c security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3610-1] xerces-c security update
  • Date: Wed, 29 Jun 2016 20:19:01 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1bILwr-0008EG-Dn AT master.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 29 Jun 2016 20:19:18 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <1J1JohO96aO.A.sfH.G1CdXB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 29, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xerces-c
CVE ID : CVE-2016-4463
Debian Bug : 828990

Brandon Perry discovered that xerces-c, a validating XML parser library
for C++, fails to successfully parse a DTD that is deeply nested,
causing a stack overflow. A remote unauthenticated attacker can take
advantage of this flaw to cause a denial of service against applications
using the xerces-c library.

Additionally this update includes an enhancement to enable applications
to fully disable DTD processing through the use of an environment
variable (XERCES_DISABLE_DTD).

For the stable distribution (jessie), this problem has been fixed in
version 3.1.1-5.1+deb8u3.

We recommend that you upgrade your xerces-c packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXdCslAAoJEAVMuPMTQ89EBXUP/1wAze1hP0PcbqqkMsBDevp4
N/+3a8ZYpq4XmcjDcZYVKwekYABJtOWnHTg/7h23dCyJUDjd28atk+DkiOtqbG19
5+SpnRnLAiRj6+2Ua8Bf7dh+ZyO3EoMMyQ0QVByADaRP/N4BIdYtImjDJcBCNyZd
2zwWhAEiIB55u30GAhvDCWsGwN5ucngOsjBI32MzKDGoYGM5gH1igTMz+21O0j7J
411BuZynQK/ZFOaQNnNRQh5Ne1ULCWHFlZOdaLv3Zietdtm9XrVaJZ6NnwK9HYvR
UTXXVj5JpJR0XOS85fmYogpjoL2aUUao8zVeGRPlSeg2rPg7IjS/fQXWAWjBVpt8
xkDMiPOo+ED+MNNGPSrsMdncNoD8PhdOGjOwhyHHD3e2wDq3p+6WoVRDU/pTLAc0
eNmMwcvbjugxzEhXMInTtRu9D++X65H/dVWoH/UWw9bMoQfz810+8AUBrc3Tgj3F
roFdmhvl2GJtoLtPYc9fIMuORuxe4cejMshhAweUJd0dZhtjQhQUj8jfeBSSaRJs
ova3BXgiegGbpl4liT2ds6ZUucJg9mZFSoRwEnZk3iXiBFM0G42BU8kajx6r+XWb
5N89ltkPa+QaRknhAGOcQGKZOtchYo4vb2jsryU99C2g1XZv81wrmqUnsdwbCSD5
2X7QhWMcTqpGgfm605x7
=6vFH
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 3610-1] xerces-c security update, Salvatore Bonaccorso, 29.06.2016

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang