Updated xerces-c packages fix CVE-2017-12627
Publication date: 06 Mar 2018Modification date: 06 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-12627
Description
Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could conceivably result in remote code execution. (CVE-2017-12627)
References
SRPMS
6/core
- xerces-c-3.1.4-2.1.mga6