xerces security update

ID CESA-2016:0430
Type centos
Reporter CentOS Project
Modified 2016-03-10T17:35:16


CentOS Errata and Security Advisory CESA-2016:0430

Xerces-C is a validating XML parser written in a portable subset of C++.

It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2016-0729)

Red Hat would like to thank Gustavo Grieco for reporting this issue.

All xerces-c users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using Xerces-C must be restarted for the update to take effect.
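One way to verify the restart requirement on a Linux host, as an added example that is not part of the advisory: a process that has not been restarted still maps the replaced library file, which the kernel lists in `/proc/<pid>/maps` with a `(deleted)` suffix. The function names, the `libxerces-c*.so*` file-name pattern and the sample tree below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list PIDs that still map a libxerces-c shared object which has
# been replaced on disk (such mappings are shown as "<path> (deleted)").
# Usage: stale_xerces_pids [PROC_ROOT]   (PROC_ROOT defaults to /proc)
stale_xerces_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        # Skips unreadable entries and the unexpanded glob when nothing matches.
        [ -r "$maps" ] || continue
        # Each maps line ends with the backing path of the mapping.
        if grep -Eq 'libxerces-c[^/]*\.so[^/]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Constructed sample tree standing in for /proc; PIDs, addresses and paths are
# made up so the check can be exercised offline.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/101" "$d/202" "$d/303"
    # 101: started before the update, still maps the old (unlinked) library
    printf '%s\n' \
        '7f10a0000000-7f10a0400000 r-xp 00000000 fd:00 1311 /usr/lib64/libxerces-c-3.1.so (deleted)' \
        > "$d/101/maps"
    # 202: restarted after the update, maps the file currently on disk
    printf '%s\n' \
        '7f20b0000000-7f20b0400000 r-xp 00000000 fd:00 1402 /usr/lib64/libxerces-c-3.1.so' \
        > "$d/202/maps"
    # 303: does not load Xerces-C; an unrelated deleted file must not match
    printf '%s\n' \
        '7f30c0000000-7f30c0001000 rw-p 00000000 fd:00 1500 /tmp/cache.bin (deleted)' \
        '7f30c0100000-7f30c02c0000 r-xp 00000000 fd:00 1200 /usr/lib64/libc-2.17.so' \
        > "$d/303/maps"
    echo "$d"
}

sample=$(make_sample_proc)
stale_xerces_pids "$sample"    # prints 101
rm -rf "$sample"
```

Run `stale_xerces_pids /proc` as root after the update, since reading other users' `maps` files requires privileges; any PID it prints belongs to a process that still needs a restart. This only detects dynamically linked use of the library.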

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2016-March/021729.html

Affected packages: xerces-c, xerces-c-devel, xerces-c-doc

Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0430.html