Advisories » MGASA-2015-0136

Updated xerces-c packages fix security vulnerabilities

Publication date: 09 Apr 2015
Modification date: 09 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0252

Description

Updated xerces-c packages fix security vulnerability:

Anton Rager and Jonathan Brossard from the Salesforce.com Product Security
Team and Ben Laurie of Google discovered a denial of service vulnerability in
xerces-c. The parser mishandles certain kinds of malformed input documents,
resulting in a segmentation fault during a parse operation. An
unauthenticated attacker could use this flaw to cause an application using
the xerces-c library to crash (CVE-2015-0252).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15538
• http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt
• https://www.debian.org/security/2015/dsa-3199
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0252

SRPMS

4/core

• xerces-c-3.1.2-1.mga4