Advisories » MGASA-2018-0178

Updated xerces-c packages fix security vulnerability

Publication date: 19 Mar 2018
Modification date: 19 Mar 2018
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-12627

Description

The Xerces-C XML parser mishandles certain kinds of external DTD
references, resulting in dereference of a NULL pointer while processing
the path to the DTD. The bug allows for a denial of service attack in
applications that allow DTD processing and do not prevent external DTD
usage, and could conceivably result in remote code execution
(CVE-2017-12627).

References

SRPMS

5/core