Mageia Advisory: MGASA-2016-0088 - Updated xerces-c packages fix CVE-2016-0729

Updated xerces-c packages fix CVE-2016-0729

Publication date: 02 Mar 2016
Modification date: 02 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0729

Description

Updated xerces-c packages fix security vulnerability:

The Xerces-C XML parser mishandles certain kinds of malformed input documents,
resulting in buffer overlows during processing and error reporting. The
overflows can manifest as a segmentation fault or as memory corruption during
a parse operation. The bugs allow for a denial of service attack in many
applications by an unauthenticated attacker, and could conceivably result in
remote code execution (CVE-2016-0729).

References

https://bugs.mageia.org/show_bug.cgi?id=17820
http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0729

SRPMS

5/core

xerces-c-3.1.2-1.1.mga5

Advisories » MGASA-2016-0088

Updated xerces-c packages fix CVE-2016-0729

Description

References

SRPMS

5/core