xerces security update

2018-11-15T18:53:50
ID CESA-2018:3335
Type centos
Reporter CentOS Project
Modified 2018-11-15T18:53:50

Description

CentOS Errata and Security Advisory CESA-2018:3335

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.

Security Fix(es):

  • xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005710.html

Affected packages: xerces-c xerces-c-devel xerces-c-doc

Upstream details at: