Advisories » MGASA-2016-0189

Updated xerces-c packages fix security vulnerability

Publication date: 20 May 2016
Modification date: 20 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2099

Description

Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, due
to not properly handling invalid characters in XML input documents in the
DTDScanner (CVE-2016-2099).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18421
• https://www.debian.org/security/2016/dsa-3579
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2099

SRPMS

5/core

• xerces-c-3.1.2-1.2.mga5