Arch Linux: 202308-1 Severity: Xerces-C Vulnerability Inducing DoS Risk
Jul 05, 2016
•
LinuxSecurity Advisories
1 min read
The package xerces-c before version 3.1.4-1 is vulnerable to denial of service.
Arch Linux Security Advisory ASA-201607-2 ======================================== Severity: Medium Date : 2016-07-05 CVE-ID : CVE-2016-4463 Package : xerces-c Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package xerces-c before version 3.1.4-1 is vulnerable to denial of service. Resolution ========= Upgrade to 3.1.4-1. # pacman -Syu "xerces-c>=3.1.4-1" The problem has been fixed upstream in version 3.1.4. Workaround ========= None. Description ========== The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Impact ===== A remote attacker is able to use a specially crafted XML document that, when processed, is leading to application crash resulting in denial of service. References ========= https://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt https://seclists.org/bugtraq/2016/Jun/115 https://access.redhat.com/security/cve/CVE-2016-4463
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!