xerces-j2-2.7.1-12.6.AXS4
エラータID: AXSA:2013-718:01
リリース日:
2013/12/06 Friday - 13:31
題名:
xerces-j2-2.7.1-12.6.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Apache Xerces2 Java の XMLScanner.java には,不正な XML 入力によって,リモートの攻撃者がサービス拒否 (無限ループとアプリケーションのハングアップ) を引き起こす脆弱性があります。(CVE-2009-2625)
一部CVEの翻訳文はJVNからの引用になります
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
追加情報:
From Asianux Server 4 SP3.
ダウンロード:
SRPMS
- xerces-j2-2.7.1-12.6.AXS4.src.rpm
MD5: d5e6ad40911e201bd7173897bc88b0e4
SHA-256: bccc514b4961f81ab854abf13bfb7c00ac664b48bc17aa205dd79a6b9ed87485
Size: 1.63 MB
Asianux Server 4 for x86
- xerces-j2-2.7.1-12.6.AXS4.i686.rpm
MD5: e722c6a25e405d31ebeb37160531b976
SHA-256: 9c8ea914f01fb03cd9cbd25d28d895c62dbda9aa88963dc18cfb4a7cbf5ac478
Size: 2.22 MB
Asianux Server 4 for x86_64
- xerces-j2-2.7.1-12.6.AXS4.x86_64.rpm
MD5: 4315612cb8ee2757cb30e48c32317c84
SHA-256: c3ffb1bb7c2a0ede53dcc4bbf40c75b5a5548cdbe072038053f3dfbd633846f9
Size: 2.52 MB