Advisories ยป MGASA-2014-0398

Updated xerces-j2 packages fix CVE-2013-4002

Publication date: 07 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4002

Description

Updated xerces-j2 packages fix security vulnerability:

A resource consumption issue was found in the way Xerces-J handled
XML declarations. A remote attacker could use an XML document with
a specially crafted declaration using a long pseudo-attribute name
that, when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU (CVE-2013-4002).
                

References

SRPMS

4/core

3/core