[SECURITY] [DSA 3493-1] xerces-c security update

2016-02-2515:59:04

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

90.9%

JSON

Debian Security Advisory DSA-3493-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
February 25, 2016 https://www.debian.org/security/faq

Package : xerces-c
CVE ID : CVE-2016-0729
Debian Bug : 815907

Gustavo Grieco discovered that xerces-c, a validating XML parser library
for C++, mishandles certain kinds of malformed input documents,
resulting in buffer overflows during processing and error reporting.
These flaws could lead to a denial of service in applications using the
xerces-c library, or potentially, to the execution of arbitrary code.

For the oldstable distribution (wheezy), this problem has been fixed
in version 3.1.1-3+deb7u2.

For the stable distribution (jessie), this problem has been fixed in
version 3.1.1-5.1+deb8u1.

We recommend that you upgrade your xerces-c packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8amd64libxerces-c-dev< 3.1.1-5.1+deb8u1libxerces-c-dev_3.1.1-5.1+deb8u1_amd64.deb
Debian7armellibxerces-c-samples< 3.1.1-3+deb7u2libxerces-c-samples_3.1.1-3+deb7u2_armel.deb
Debian7kfreebsd-i386libxerces-c-dev< 3.1.1-3+deb7u2libxerces-c-dev_3.1.1-3+deb7u2_kfreebsd-i386.deb
Debian7armhflibxerces-c3.1< 3.1.1-3+deb7u2libxerces-c3.1_3.1.1-3+deb7u2_armhf.deb
Debian7amd64libxerces-c-dev< 3.1.1-3+deb7u2libxerces-c-dev_3.1.1-3+deb7u2_amd64.deb
Debian8kfreebsd-amd64libxerces-c-dev< 3.1.1-5.1+deb8u1libxerces-c-dev_3.1.1-5.1+deb8u1_kfreebsd-amd64.deb
Debian8arm64libxerces-c-samples< 3.1.1-5.1+deb8u1libxerces-c-samples_3.1.1-5.1+deb8u1_arm64.deb
Debian8alllibxerces-c-doc< 3.1.1-5.1+deb8u1libxerces-c-doc_3.1.1-5.1+deb8u1_all.deb
Debian7s390libxerces-c3.1< 3.1.1-3+deb7u2libxerces-c3.1_3.1.1-3+deb7u2_s390.deb
Debian8kfreebsd-i386libxerces-c-dev< 3.1.1-5.1+deb8u1libxerces-c-dev_3.1.1-5.1+deb8u1_kfreebsd-i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	amd64	libxerces-c-dev	< 3.1.1-5.1+deb8u1	libxerces-c-dev_3.1.1-5.1+deb8u1_amd64.deb
Debian	7	armel	libxerces-c-samples	< 3.1.1-3+deb7u2	libxerces-c-samples_3.1.1-3+deb7u2_armel.deb
Debian	7	kfreebsd-i386	libxerces-c-dev	< 3.1.1-3+deb7u2	libxerces-c-dev_3.1.1-3+deb7u2_kfreebsd-i386.deb
Debian	7	armhf	libxerces-c3.1	< 3.1.1-3+deb7u2	libxerces-c3.1_3.1.1-3+deb7u2_armhf.deb
Debian	7	amd64	libxerces-c-dev	< 3.1.1-3+deb7u2	libxerces-c-dev_3.1.1-3+deb7u2_amd64.deb
Debian	8	kfreebsd-amd64	libxerces-c-dev	< 3.1.1-5.1+deb8u1	libxerces-c-dev_3.1.1-5.1+deb8u1_kfreebsd-amd64.deb
Debian	8	arm64	libxerces-c-samples	< 3.1.1-5.1+deb8u1	libxerces-c-samples_3.1.1-5.1+deb8u1_arm64.deb
Debian	8	all	libxerces-c-doc	< 3.1.1-5.1+deb8u1	libxerces-c-doc_3.1.1-5.1+deb8u1_all.deb
Debian	7	s390	libxerces-c3.1	< 3.1.1-3+deb7u2	libxerces-c3.1_3.1.1-3+deb7u2_s390.deb
Debian	8	kfreebsd-i386	libxerces-c-dev	< 3.1.1-5.1+deb8u1	libxerces-c-dev_3.1.1-5.1+deb8u1_kfreebsd-i386.deb