Advisories » MGASA-2016-0243

Updated xerces-c packages fix security vulnerability

Publication date: 05 Jul 2016
Modification date: 05 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4464

Description

The Xerces-C XML parser fails to successfully parse a DTD that is deeply
nested, and this causes a stack overflow, which makes a denial of service
attack against many applications possible by an unauthenticated attacker
(CVE-2016-4464).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18818
• http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4464

SRPMS

5/core

• xerces-c-3.1.2-1.3.mga5