openSUSE-SU-2016:1121-1

Опубликовано: 21 апр. 2016

Источник: suse-cvrf

Описание

Security update for xerces-c

This update for xerces-c fixes the following security issue:

CVE-2016-0729: Fixed mishandling certain kinds of malformed input documents, that resulted in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (bsc#966822)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

libxerces-c-3_1-3.1.1-16.1

libxerces-c-3_1-32bit-3.1.1-16.1

libxerces-c-devel-3.1.1-16.1

xerces-c-3.1.1-16.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html
E-Mail link for openSUSE-SU-2016:1121-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.

Затронутые продукты

openSUSE Leap 42.1:libxerces-c-3_1-3.1.1-16.1

openSUSE Leap 42.1:libxerces-c-3_1-32bit-3.1.1-16.1

openSUSE Leap 42.1:libxerces-c-devel-3.1.1-16.1

openSUSE Leap 42.1:xerces-c-3.1.1-16.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-0729.html
CVE-2016-0729
https://bugzilla.suse.com/966822
SUSE Bug 966822

openSUSE-SU-2016:1121-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-0729

Описание

Затронутые продукты

Ссылки