xerces-c-3.1.1-9.el7

エラータID: AXSA:2019-3675:01

Release date: 
Friday, February 15, 2019 - 16:30
Subject: 
xerces-c-3.1.1-9.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Xerces-C is a validating XML parser written in a portable subset of C . Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.

Security Fix(es):

* xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2016-4463
Stack-based buffer overflow in Apache Xerces-C before 3.1.4 allows
context-dependent attackers to cause a denial of service via a deeply
nested DTD.

Solution: 

Update packages.

CVEs: 
CVE-2016-4463
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
Additional Info: 

N/A

Download: 

SRPMS
  1. xerces-c-3.1.1-9.el7.src.rpm
    MD5: 4de00c71c6e2bf098cad19825f6caf34
    SHA-256: b7ca389b8a2ddbaa0a82b2d3e83bcb53e1553555fe63de1bb0ca2d4b831c0e5f
    Size: 4.80 MB

Asianux Server 7 for x86_64
  1. xerces-c-3.1.1-9.el7.x86_64.rpm
    MD5: c80e743bbf01cb01103bd80dae55091b
    SHA-256: 9c967b983b2120ffa1a217feb10d1218210cf966dd6b6fbe924a8119c087d0c0
    Size: 877.60 kB
  2. xerces-c-3.1.1-9.el7.i686.rpm
    MD5: 9500b66b010394a3312ae01ac3eada76
    SHA-256: 5b5524e0d2f9ffb8ad5f0212e08ca8f3e82040e8ae23a73499299102b040a112
    Size: 887.70 kB