[SECURITY] [DSA 3199-1] xerces-c security update

2015-03-2018:36:40

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Debian Security Advisory DSA-3199-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
March 20, 2015 http://www.debian.org/security/faq

Package : xerces-c
CVE ID : CVE-2015-0252
Debian Bug : 780827

Anton Rager and Jonathan Brossard from the Salesforce.com Product
Security Team and Ben Laurie of Google discovered a denial of service
vulnerability in xerces-c, a validating XML parser library for C++. The
parser mishandles certain kinds of malformed input documents, resulting
in a segmentation fault during a parse operation. An unauthenticated
attacker could use this flaw to cause an application using the
xerces-c library to crash.

For the stable distribution (wheezy), this problem has been fixed in
version 3.1.1-3+deb7u1.

We recommend that you upgrade your xerces-c packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6alllibxerces-c-doc< 3.1.1-1+deb6u1libxerces-c-doc_3.1.1-1+deb6u1_all.deb
Debian7mipsellibxerces-c3.1< 3.1.1-3+deb7u1libxerces-c3.1_3.1.1-3+deb7u1_mipsel.deb
Debian7alllibxerces-c-doc< 3.1.1-3+deb7u1libxerces-c-doc_3.1.1-3+deb7u1_all.deb
Debian6amd64libxerces-c-samples< 3.1.1-1+deb6u1libxerces-c-samples_3.1.1-1+deb6u1_amd64.deb
Debian7armellibxerces-c-samples< 3.1.1-3+deb7u1libxerces-c-samples_3.1.1-3+deb7u1_armel.deb
Debian7ia64libxerces-c-samples< 3.1.1-3+deb7u1libxerces-c-samples_3.1.1-3+deb7u1_ia64.deb
Debian7powerpclibxerces-c-samples< 3.1.1-3+deb7u1libxerces-c-samples_3.1.1-3+deb7u1_powerpc.deb
Debian7i386libxerces-c-dev< 3.1.1-3+deb7u1libxerces-c-dev_3.1.1-3+deb7u1_i386.deb
Debian6i386libxerces-c-samples< 3.1.1-1+deb6u1libxerces-c-samples_3.1.1-1+deb6u1_i386.deb
Debian7mipslibxerces-c-samples< 3.1.1-3+deb7u1libxerces-c-samples_3.1.1-3+deb7u1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	all	libxerces-c-doc	< 3.1.1-1+deb6u1	libxerces-c-doc_3.1.1-1+deb6u1_all.deb
Debian	7	mipsel	libxerces-c3.1	< 3.1.1-3+deb7u1	libxerces-c3.1_3.1.1-3+deb7u1_mipsel.deb
Debian	7	all	libxerces-c-doc	< 3.1.1-3+deb7u1	libxerces-c-doc_3.1.1-3+deb7u1_all.deb
Debian	6	amd64	libxerces-c-samples	< 3.1.1-1+deb6u1	libxerces-c-samples_3.1.1-1+deb6u1_amd64.deb
Debian	7	armel	libxerces-c-samples	< 3.1.1-3+deb7u1	libxerces-c-samples_3.1.1-3+deb7u1_armel.deb
Debian	7	ia64	libxerces-c-samples	< 3.1.1-3+deb7u1	libxerces-c-samples_3.1.1-3+deb7u1_ia64.deb
Debian	7	powerpc	libxerces-c-samples	< 3.1.1-3+deb7u1	libxerces-c-samples_3.1.1-3+deb7u1_powerpc.deb
Debian	7	i386	libxerces-c-dev	< 3.1.1-3+deb7u1	libxerces-c-dev_3.1.1-3+deb7u1_i386.deb
Debian	6	i386	libxerces-c-samples	< 3.1.1-1+deb6u1	libxerces-c-samples_3.1.1-1+deb6u1_i386.deb
Debian	7	mips	libxerces-c-samples	< 3.1.1-3+deb7u1	libxerces-c-samples_3.1.1-3+deb7u1_mips.deb