Advisories ยป MGASA-2018-0178

Updated xerces-c packages fix security vulnerability

Publication date: 19 Mar 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-12627


The Xerces-C XML parser mishandles certain kinds of external DTD
references, resulting in dereference of a NULL pointer while processing
the path to the DTD. The bug allows for a denial of service attack in
applications that allow DTD processing and do not prevent external DTD
usage, and could conceivably result in remote code execution