CentOS Errata and Security Advisory CESA-2016:0430
Xerces-C is a validating XML parser written in a portable subset of C++.
It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2016-0729)
Red Hat would like to thank Gustavo Grieco for reporting this issue.
All xerces-c users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using Xerces-C must be restarted for the update to take effect.
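One way to check which running processes still need the restart described above, as an added example that is not part of the advisory: it scans `/proc/<pid>/maps` for a Xerces-C shared object marked `(deleted)`, which Linux shows when a mapped file has been replaced on disk. The `libxerces-c` file-name pattern, the function names and the sample mapping lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the advisory): list processes that still map the
# pre-update Xerces-C library and therefore still need a restart.
# Assumption: the shared object's file name contains "libxerces-c".
LIB_PATTERN='libxerces-c'

# Reads /proc/<pid>/maps-format text on stdin. Prints each distinct mapped
# path matching LIB_PATTERN whose line ends in "(deleted)": the file was
# replaced on disk while the process kept the old copy mapped.
stale_libs_from_maps() {
    awk -v pat="$LIB_PATTERN" '
        # Fields: address perms offset dev inode pathname... (deleted)
        index($0, pat) && $NF == "(deleted)" {
            path = $6
            for (i = 7; i < NF; i++) path = path " " $i
            if (!seen[path]++) print path
        }'
}

# Walks a proc root (default /proc); prints "pid<TAB>comm<TAB>stale-lib".
# Runs in a subshell so its variables do not leak. Run as root to see
# every process; unreadable maps files are skipped.
scan_proc() (
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        pid="${dir##*/}"
        comm="$(cat "$dir/comm" 2>/dev/null || echo '?')"
        { stale_libs_from_maps < "$dir/maps"; } 2>/dev/null |
            while IFS= read -r lib; do
                printf '%s\t%s\t%s\n' "$pid" "$comm" "$lib"
            done
    done
)

# Constructed sample of maps lines (X.Y stands in for the library version).
sample_maps() {
    cat <<'EOF'
7f1c2a000000-7f1c2a3a1000 r-xp 00000000 fd:00 393301 /usr/lib64/libxerces-c-X.Y.so (deleted)
7f1c2a3a1000-7f1c2a5a0000 ---p 003a1000 fd:00 393301 /usr/lib64/libxerces-c-X.Y.so (deleted)
7f1c2b000000-7f1c2b1b8000 r-xp 00000000 fd:00 393222 /usr/lib64/libc.so.6
EOF
}

scan_proc "${1:-/proc}" || true
```

An empty result after the update means no running process still holds the old library; any listed process is still executing the unpatched code until it is restarted.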
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2016-March/021729.html
Affected packages: xerces-c, xerces-c-devel, xerces-c-doc
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0430.html