Описание
Security update for Xerces-C
The Xerces-C XML parsing library was updated to fix mishandling certain kinds of malformed input documents, that could have resulted in a segmentation faults during a parse operation, leading to denial of service or potential code execution. (bnc#920810,CVE-2015-0252)
Список пакетов
SUSE Linux Enterprise Desktop 12
libxerces-c-3_1-3.1.1-4.1
libxerces-c-3_1-32bit-3.1.1-4.1
SUSE Linux Enterprise Workstation Extension 12
libxerces-c-3_1-3.1.1-4.1
libxerces-c-3_1-32bit-3.1.1-4.1
Ссылки
- Link for SUSE-SU-2015:0597-1
- E-Mail link for SUSE-SU-2015:0597-1
- SUSE Security Ratings
- SUSE Bug 920810
- SUSE CVE CVE-2015-0252 page
Описание
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libxerces-c-3_1-3.1.1-4.1
SUSE Linux Enterprise Desktop 12:libxerces-c-3_1-32bit-3.1.1-4.1
SUSE Linux Enterprise Workstation Extension 12:libxerces-c-3_1-3.1.1-4.1
SUSE Linux Enterprise Workstation Extension 12:libxerces-c-3_1-32bit-3.1.1-4.1
Ссылки
- CVE-2015-0252
- SUSE Bug 920810