Advisories » MGASA-2014-0398

Updated xerces-j2 packages fix CVE-2013-4002

Publication date: 07 Oct 2014
Modification date: 07 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4002

Description

Updated xerces-j2 packages fix security vulnerability:

A resource consumption issue was found in the way Xerces-J handled
XML declarations. A remote attacker could use an XML document with
a specially crafted declaration using a long pseudo-attribute name
that, when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU (CVE-2013-4002).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14176
• https://rhn.redhat.com/errata/RHSA-2014-1319.html
• http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A193/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002

SRPMS

3/core

• xerces-j2-2.11.0-8.1.mga3

4/core

• xerces-j2-2.11.0-10.1.mga4