xerces-c-3.1.1-10.el7

Errata ID: AXSA:2020-4490:01

Release date: Friday, March 6, 2020 - 16:46
Subject: xerces-c-3.1.1-10.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.

Security Fix(es):

* xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-1311
The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. xerces-c-3.1.1-10.el7.src.rpm
    MD5: 25ba31949fbf03197ebaffe3058c20c4
    SHA-256: 6a021c0f9856238d0fd5df2b8a4fca4f8625f817ff931714be6258bbaa3ef924
    Size: 4.80 MB

Asianux Server 7 for x86_64
  1. xerces-c-3.1.1-10.el7.x86_64.rpm
    MD5: 1e77c25f685e87e2550a7219aefefce6
    SHA-256: be6eb7d17fd572c186c0e8eaf226fdaede81ef56a142663afb921cf763078ad5
    Size: 877.74 kB
  2. xerces-c-3.1.1-10.el7.i686.rpm
    MD5: f83e0fd8c2045e29c5488c1818c7f7b4
    SHA-256: 53cb63bb9dc736b2e65e7181cb176fd40d3c757b6241e8a3d8983f4ea2aa64ce
    Size: 888.05 kB