ArchLinux: 201606-22: xerces-c: arbitrary code execution
Summary
The DTDScanner fails to account for the fact that peeking characters in the XMLReader class can raise an exception if an invalid character is encountered; the exception then crosses stack frames in an unsafe way, causing a higher-level exception handler to access an already-freed object.
Resolution
Upgrade to 3.1.3-2.
# pacman -Syu "xerces-c>=3.1.3-2"
The problem has been fixed upstream in version 3.1.3.
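Added example, not part of the advisory: a small POSIX sh check that compares an installed xerces-c version against the fixed 3.1.3-2 (numeric comparison of the dotted pkgver, then pkgrel), and queries pacman when it is present. It assumes Arch-style `pkgver-pkgrel` strings with purely numeric components.

```shell
# Added example (not from the Arch advisory): is an installed xerces-c
# package at or above the fixed version 3.1.3-2?
# Assumes Arch-style "pkgver-pkgrel" strings with numeric components.

FIXED_VERSION="3.1.3-2"

# version_ge A B -> exit 0 when A >= B
# Compares up to four dotted pkgver components numerically, then pkgrel,
# so that 3.1.10 correctly sorts after 3.1.3 (no lexicographic compare).
version_ge() {
    a_ver=${1%-*}; a_rel=${1##*-}
    b_ver=${2%-*}; b_rel=${2##*-}
    i=1
    while [ "$i" -le 4 ]; do
        a=$(printf '%s' "$a_ver" | cut -d. -f"$i"); a=${a:-0}
        b=$(printf '%s' "$b_ver" | cut -d. -f"$i"); b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    [ "$a_rel" -ge "$b_rel" ]
}

# xerces_status VERSION -> prints "fixed" or "vulnerable"
xerces_status() {
    if version_ge "$1" "$FIXED_VERSION"; then echo fixed; else echo vulnerable; fi
}

# On an Arch host, "pacman -Q xerces-c" prints e.g. "xerces-c 3.1.3-2";
# skipped silently elsewhere so the functions can be reused stand-alone.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q xerces-c 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] && echo "xerces-c $installed: $(xerces_status "$installed")"
fi
```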
References
https://bugs.archlinux.org/task/49353
https://issues.apache.org/jira/browse/XERCESC-2066
https://www.openwall.com/lists/oss-security/2016/05/09/7
https://access.redhat.com/security/cve/CVE-2016-2099
Workaround
None.