lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YZ1mi-0005Qr-CE@master.debian.org>
Date: Fri, 20 Mar 2015 18:36:40 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3199-1] xerces-c security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3199-1                   security@...ian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 20, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xerces-c
CVE ID         : CVE-2015-0252
Debian Bug     : 780827

Anton Rager and Jonathan Brossard from the Salesforce.com Product
Security Team and Ben Laurie of Google discovered a denial of service
vulnerability in xerces-c, a validating XML parser library for C++. The
parser mishandles certain kinds of malformed input documents, resulting
in a segmentation fault during a parse operation. An unauthenticated
attacker could use this flaw to cause an application using the
xerces-c library to crash.

For the stable distribution (wheezy), this problem has been fixed in
version 3.1.1-3+deb7u1.

We recommend that you upgrade your xerces-c packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVDGiSAAoJEAVMuPMTQ89EDVYP/2/J73RRNB/q9JUGnxW5jGKU
Xv+Qns5Fy7aSMY5U68xBxu6bKyooeH7ntFZLJ4kgkfzausKj9TwjFc/nNPEEPtYW
QapJwCLGLcbdaYC2v/aD7eb8eeWp5ju8hOhBkjjUoawaSmWSNHx0FeCVaCqo5uvQ
1g5FFAia7/8MJ7Ngp2msOdxTWv2h1RSRxdEh6TBCA41iwGHB6YjN8ACZxH6MLzmd
m0ttpS+uk2eGTujyoB0FgipASEEwDwGRg+JnYHUjj0NhhIKwK9lmnxg5h/Nen5q2
OWo/Xyspc4DnZYZDRu2bqu7zSPKouyyc1IbDXIp+sWuPQX74BscmmK4TNGQjCrnZ
87/SwzZnqoGhzLA5lrpa8o6jfBFz9li8KE+IPkldIEdr2jdf5nqqSv5ZBEUEBqmN
W/KvK1bAAJrZd1lYdtViiYNhpEH6EkLAxde9aShVGQyFTZTBGyrTpK/L3C6OGBd2
3DdN6DZsZOsk5udg78jhd8w6rYnRwbilIkUDE6pwcgSgmkHbzdJHhXGHaOfVgVCi
uQ4Q9Ck5hsjTVTtsqkaO+8Xgqrpyb/NYrs8wRqySKqQyr3iuJUvv49UsQWJvwGfF
Z9E4kBnuPVILpX8TkYEgDRCex+nxNoAcBVK+IJWQt5mYjEFi5QHeRtbG2CemZ45M
XpEHKaBq4axzUk3hMBdK
=Pf/K
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ