Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 11 FEDORA-2009-8332 Critical: Xerces-C Stack Overflow Issue

fedora
Calendar Grey August 25, 2009
Dist Fedora Esm H88
Important patch for Fedora 11 resolves the buffer overflow vulnerability in xerces-c27. Maintain system integrity and safety.
CVE-2009-1885

Summary

Xerces-C is a validating XML parser written in a portable subset of C++.

Xerces-C makes it easy to give your application the ability to read and write

XML data. A shared library is provided for parsing, generating, manipulating,

and validating XML documents. Xerces-C is faithful to the XML 1.0

recommendation and associated standards ( DOM 1.0, DOM 2.0. SAX 1.0, SAX 2.0,

Namespaces).

Note that this package contains Xerces-C++ 2.7.0 for compatibility with

applications that cannot use a newer version.

Update Information:

CVE-2009-1885

Topics%20covered

Topics Covered

security advisory update critical Fedora stack overflow xerces-c XML parser

Change Log

* Thu Aug 6 2009 Peter Lemenkov 2.7.0-8 - Fix CVE-2009-1885 * Mon Jul 27 2009 Fedora Release Engineering - 2.7.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

References


[ 1 ] Bug #515515 - CVE-2009-1885 xerces-c, xerces-c27: Stack overflow when parsing recursive XML structures https://bugzilla.redhat.com/show_bug.cgi?id=515515

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xerces-c27' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xerces-c27
Product: Fedora 11
Version: 2.7.0
Release: 8.fc11
URL: https://xerces.apache.org/xerces-c/
Summary: Validating XML Parser

Topics%20covered

Topics Covered

security advisory update critical Fedora stack overflow xerces-c XML parser

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here