xerces-c-3.1.1-8.el7

エラータID: AXSA:2016-131:01

Release date: 
Thursday, March 10, 2016 - 23:54
Subject: 
xerces-c-3.1.1-8.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Xerces-C is a validating XML parser written in a portable
subset of C . Xerces-C makes it easy to give your application the
ability to read and write XML data. A shared library is provided for
parsing, generating, manipulating, and validating XML
documents. Xerces-C is faithful to the XML 1.0 recommendation and
associated standards: XML 1.0 (Third Edition), XML 1.1 (First
Edition), DOM Level 1, 2, 3 Core, DOM Level 2.0 Traversal and Range,
DOM Level 3.0 Load and Save, SAX 1.0 and SAX 2.0, Namespaces in XML,
Namespaces in XML 1.1, XML Schema, XML Inclusions).

Security issues fixed with this release:

CVE-2016-0729
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
Additional Info: 

N/A

Download: 

SRPMS
  1. xerces-c-3.1.1-8.el7.src.rpm
    MD5: aeb0086d02a637abf2f93d58a9bf522f
    SHA-256: 413c85fe8d0913f1716f784c6c127accb67ea3d51fd63d02b23f1d6006ce9b81
    Size: 4.80 MB

Asianux Server 7 for x86_64
  1. xerces-c-3.1.1-8.el7.x86_64.rpm
    MD5: dbbe2e49649c5dc43dc1a01c0fd8df0e
    SHA-256: 1fe9c28b7ef81a78d350e8c777937f967f32c8789e72d2d429d9fd6b89f5b54d
    Size: 877.47 kB
  2. xerces-c-3.1.1-8.el7.i686.rpm
    MD5: 767452db005d2c03c4a327cb9732ef5b
    SHA-256: aba06934967ad577c4b932ded45b5df416b16b92c93537f9707bdfa2e004572b
    Size: 887.22 kB