Advisories » MGASA-2018-0158

Updated xerces-c packages fix CVE-2017-12627

Publication date: 06 Mar 2018
Modification date: 06 Mar 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-12627

Description

Updated xerces-c packages fix security vulnerability:

The Xerces-C XML parser mishandles certain kinds of external DTD references, 
resulting in dereference of a NULL pointer while processing the path to the DTD. 
The bug allows for a denial of service attack in applications that allow DTD 
processing and do not prevent external DTD usage, and could conceivably result 
in remote code execution. (CVE-2017-12627)
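
A pre-parse gate for the condition the description names (DTD processing allowed, external DTD usage not prevented), as an added example that is not Mageia or Xerces-C code. The names `DtdKind`, `classify_doctype` and `safe_to_parse` are hypothetical, and the scan assumes UTF-8 or another ASCII-compatible encoding.

```cpp
#include <cctype>
#include <string>

// Added example: classify the DOCTYPE of an XML document before parsing.
enum class DtdKind { None, InternalOnly, External, Undecidable };

static bool is_ws(char c) { return std::isspace(static_cast<unsigned char>(c)) != 0; }

// Skip whitespace, comments and processing instructions (XML declaration
// included). Returns false when a comment or PI is never closed.
static bool skip_misc(const std::string& s, std::size_t& pos) {
    for (;;) {
        while (pos < s.size() && is_ws(s[pos])) ++pos;
        std::size_t open = 0; std::string close;
        if (s.compare(pos, 4, "<!--") == 0) { open = 4; close = "-->"; }
        else if (s.compare(pos, 2, "<?") == 0) { open = 2; close = "?>"; }
        else return true;
        std::size_t end = s.find(close, pos + open);
        if (end == std::string::npos) return false;
        pos = end + close.size();
    }
}

// Only the DOCTYPE's own external identifier is examined; the internal subset is not inspected.
DtdKind classify_doctype(const std::string& xml) {
    // UTF-16/UTF-32 input cannot be scanned bytewise: the caller must reject or transcode it.
    if (xml.size() >= 2) {
        unsigned char a = xml[0], b = xml[1];
        if ((a == 0xFF && b == 0xFE) || (a == 0xFE && b == 0xFF) || a == 0 || b == 0)
            return DtdKind::Undecidable;
    }
    std::size_t pos = xml.compare(0, 3, "\xEF\xBB\xBF") == 0 ? 3 : 0;  // UTF-8 BOM
    if (!skip_misc(xml, pos)) return DtdKind::Undecidable;
    if (xml.compare(pos, 9, "<!DOCTYPE") != 0) return DtdKind::None;
    pos += 9;
    while (pos < xml.size() && is_ws(xml[pos])) ++pos;                       // before root name
    while (pos < xml.size() && !is_ws(xml[pos]) && xml[pos] != '[' && xml[pos] != '>') ++pos;
    while (pos < xml.size() && is_ws(xml[pos])) ++pos;                       // after root name
    if (xml.compare(pos, 6, "SYSTEM") == 0 || xml.compare(pos, 6, "PUBLIC") == 0) return DtdKind::External;
    if (pos < xml.size() && (xml[pos] == '[' || xml[pos] == '>')) return DtdKind::InternalOnly;
    return DtdKind::Undecidable;
}

// Policy: accept documents without a DOCTYPE, optionally those with an internal subset only.
bool safe_to_parse(const std::string& xml, bool allow_internal_subset) {
    DtdKind k = classify_doctype(xml);
    return k == DtdKind::None || (allow_internal_subset && k == DtdKind::InternalOnly);
}
```

An application would call `safe_to_parse` on the raw bytes of untrusted input before handing them to the parser, alongside installing the updated packages.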
                

References

SRPMS

6/core