lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1QW8jE-0001EL-Sk@titan.mandriva.com>
Date: Mon, 13 Jun 2011 17:07:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:108 ] xerces-j2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:108
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xerces-j2
 Date    : June 13, 2011
 Affected: 2009.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in xerces-j2:
 
 Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE)
 in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update
 20, and in other products, allows remote attackers to cause a denial
 of service (infinite loop and application hang) via malformed XML
 input, as demonstrated by the Codenomicon XML fuzzing framework
 (CVE-2009-2625).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 37cb066faf70adc13f94dde20a432baa  2009.0/i586/xerces-j2-2.9.0-9.1mdv2009.0.i586.rpm
 d4eae4a3c3598d4a8aa937e06a666a4c  2009.0/i586/xerces-j2-demo-2.9.0-9.1mdv2009.0.i586.rpm
 726068ab70043a5ffec264a74584bbd1  2009.0/i586/xerces-j2-javadoc-apis-2.9.0-9.1mdv2009.0.i586.rpm
 ebea985ed82f10cba85c7dc63ebe3292  2009.0/i586/xerces-j2-javadoc-impl-2.9.0-9.1mdv2009.0.i586.rpm
 88990006a3d52f94bf1d92cba4974dfd  2009.0/i586/xerces-j2-javadoc-other-2.9.0-9.1mdv2009.0.i586.rpm
 c43bddc774e3740943a09ec7c944c90d  2009.0/i586/xerces-j2-javadoc-xni-2.9.0-9.1mdv2009.0.i586.rpm
 45259a83b9e785c45c36ad3af81e7c1a  2009.0/i586/xerces-j2-scripts-2.9.0-9.1mdv2009.0.i586.rpm 
 ddf57cd31d55064c33889faf9e9f74b8  2009.0/SRPMS/xerces-j2-2.9.0-9.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 cf0fe4b70ed214ea14b466edf8981edb  2009.0/x86_64/xerces-j2-2.9.0-9.1mdv2009.0.x86_64.rpm
 5e4b68b38f554355d423838f991cf642  2009.0/x86_64/xerces-j2-demo-2.9.0-9.1mdv2009.0.x86_64.rpm
 f81effc463e3da1f758b5f2b578956fd  2009.0/x86_64/xerces-j2-javadoc-apis-2.9.0-9.1mdv2009.0.x86_64.rpm
 c0483b80fb2b2ec4e72113c0440ae795  2009.0/x86_64/xerces-j2-javadoc-impl-2.9.0-9.1mdv2009.0.x86_64.rpm
 48df56989967e0594d38d43c6c880a1f  2009.0/x86_64/xerces-j2-javadoc-other-2.9.0-9.1mdv2009.0.x86_64.rpm
 c2767225bb3a6017ca0e9e3b23ab70f6  2009.0/x86_64/xerces-j2-javadoc-xni-2.9.0-9.1mdv2009.0.x86_64.rpm
 f94f0123950744968da229f46d592770  2009.0/x86_64/xerces-j2-scripts-2.9.0-9.1mdv2009.0.x86_64.rpm 
 ddf57cd31d55064c33889faf9e9f74b8  2009.0/SRPMS/xerces-j2-2.9.0-9.1mdv2009.0.src.rpm

 Mandriva Linux 2010.1:
 e5ad74cbbc7031d129612b6c295314f6  2010.1/i586/xerces-j2-2.9.0-12.1mdv2010.2.i586.rpm
 36f1d2dc0ad0eaf65f3caf681a786b1c  2010.1/i586/xerces-j2-demo-2.9.0-12.1mdv2010.2.i586.rpm
 8d3011a0fa4096193fc3a9b55f48cb62  2010.1/i586/xerces-j2-javadoc-apis-2.9.0-12.1mdv2010.2.i586.rpm
 21959c92a02a399eaedc680ba94a852b  2010.1/i586/xerces-j2-javadoc-impl-2.9.0-12.1mdv2010.2.i586.rpm
 a3bf0c3fea849df6c75549b92bb2fc69  2010.1/i586/xerces-j2-javadoc-other-2.9.0-12.1mdv2010.2.i586.rpm
 38736a69978ea27e8c86697b605de2bb  2010.1/i586/xerces-j2-javadoc-xni-2.9.0-12.1mdv2010.2.i586.rpm
 71eb274ae0b1e3b8d311c825c07c583d  2010.1/i586/xerces-j2-scripts-2.9.0-12.1mdv2010.2.i586.rpm 
 aa76ab8c436a2deea87042e948ee9b87  2010.1/SRPMS/xerces-j2-2.9.0-12.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 b10c8ed786180fcc564c913e81407d39  2010.1/x86_64/xerces-j2-2.9.0-12.1mdv2010.2.x86_64.rpm
 ddee966d3283e3ee881de32045705844  2010.1/x86_64/xerces-j2-demo-2.9.0-12.1mdv2010.2.x86_64.rpm
 10faa110174a57e84b917df59d7354d9  2010.1/x86_64/xerces-j2-javadoc-apis-2.9.0-12.1mdv2010.2.x86_64.rpm
 f337e9478e4e7981b8fc5711bce6c374  2010.1/x86_64/xerces-j2-javadoc-impl-2.9.0-12.1mdv2010.2.x86_64.rpm
 853857a2fa3423bfe570683130a04a30  2010.1/x86_64/xerces-j2-javadoc-other-2.9.0-12.1mdv2010.2.x86_64.rpm
 464aa2803e1d2c6379ab1c4efde16458  2010.1/x86_64/xerces-j2-javadoc-xni-2.9.0-12.1mdv2010.2.x86_64.rpm
 753a920e14066f0947e86eb3c58dc3b0  2010.1/x86_64/xerces-j2-scripts-2.9.0-12.1mdv2010.2.x86_64.rpm 
 aa76ab8c436a2deea87042e948ee9b87  2010.1/SRPMS/xerces-j2-2.9.0-12.1mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 2d77d8eee7520a75d32006b0a6593b9a  mes5/i586/xerces-j2-2.9.0-9.1mdvmes5.2.i586.rpm
 498fa9165c65a49a91c2f554412ba08d  mes5/i586/xerces-j2-demo-2.9.0-9.1mdvmes5.2.i586.rpm
 1355593b2b99758401b7402fe4665c14  mes5/i586/xerces-j2-javadoc-apis-2.9.0-9.1mdvmes5.2.i586.rpm
 024c4cc368b002a3c8e5e2093b71e3ff  mes5/i586/xerces-j2-javadoc-impl-2.9.0-9.1mdvmes5.2.i586.rpm
 a35340802b118ca125976d040dbef05a  mes5/i586/xerces-j2-javadoc-other-2.9.0-9.1mdvmes5.2.i586.rpm
 05d9e1cae5c2ea4d36f6947efc351769  mes5/i586/xerces-j2-javadoc-xni-2.9.0-9.1mdvmes5.2.i586.rpm
 f461ae2ab3e94c21961a1e1b848576a4  mes5/i586/xerces-j2-scripts-2.9.0-9.1mdvmes5.2.i586.rpm 
 a9991784656b7edd311cfbf57f27295c  mes5/SRPMS/xerces-j2-2.9.0-9.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 380c338fa0a80984f1d0086005896b8b  mes5/x86_64/xerces-j2-2.9.0-9.1mdvmes5.2.x86_64.rpm
 815b14cc6277587cd9690aedfb23e52d  mes5/x86_64/xerces-j2-demo-2.9.0-9.1mdvmes5.2.x86_64.rpm
 745dd35db3c5ec94420ba33d31605115  mes5/x86_64/xerces-j2-javadoc-apis-2.9.0-9.1mdvmes5.2.x86_64.rpm
 97f1be73c86d6e1057512840875ebe3d  mes5/x86_64/xerces-j2-javadoc-impl-2.9.0-9.1mdvmes5.2.x86_64.rpm
 3a6f08eb04c7f04dba7bba0af9728fe9  mes5/x86_64/xerces-j2-javadoc-other-2.9.0-9.1mdvmes5.2.x86_64.rpm
 990027b4eeed11ac8689534e2721f789  mes5/x86_64/xerces-j2-javadoc-xni-2.9.0-9.1mdvmes5.2.x86_64.rpm
 a1601357c9d02a3cdc0d884c641fa207  mes5/x86_64/xerces-j2-scripts-2.9.0-9.1mdvmes5.2.x86_64.rpm 
 a9991784656b7edd311cfbf57f27295c  mes5/SRPMS/xerces-j2-2.9.0-9.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN9fgnmqjQ0CJFipgRAmspAJ0Ylvf3cIGVxgWJThqUjCCElt52QgCeJKRh
TzRhRpoAIyy00Twg1G8t8Mk=
=0/P6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ