
Gentoo: GLSA-202304-05 Important: Vulnerability in FOO Library

gentoo
March 9, 2009
A vulnerability in Xerces-C++ can lead to Denial of Service attacks through specially crafted XML schema files. Users are advised to upgrade to secure versions.
An error in Xerces-C++ allows for a Denial of Service via malicious XML schema files.

Summary

Gentoo Linux Security Advisory                           GLSA 200903-19
https://security.gentoo.org/

Severity: Normal
Title: Xerces-C++: Denial of Service
Date: March 09, 2009
Bugs: #240496
ID: 200903-19

Synopsis
========

An error in Xerces-C++ allows for a Denial of Service via malicious XML schema files.

Background
==========

Xerces-C++ is a validating XML parser written in a portable subset of C++.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-libs/xerces-c      < 3.0.0-r1                     >= 3.0.0-r1

Description
===========

Frank Rast reported that the XML parser in Xerces-C++ does not correctly handle an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during the v...
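The following pre-validation check is an added example, not part of the advisory or of Xerces-C++: it scans a schema for numeric maxOccurs values above a policy limit before the file is handed to a validating parser. The threshold, the function name and the sample schema are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XSD_NS = "http://www.w3.org/2001/XMLSchema"
MAX_OCCURS_LIMIT = 10_000  # hypothetical policy threshold, not from the advisory

# Constructed sample schema (not taken from the advisory or bug report).
SAMPLE_XSD = b"""<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="order">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="item" type="xs:string" maxOccurs="200000000"/>
        <xs:element name="note" type="xs:string" maxOccurs="5"/>
        <xs:element name="tag" type="xs:string" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
"""


def find_large_max_occurs(xsd_bytes, limit=MAX_OCCURS_LIMIT):
    """Return (tag, name, raw_value) for schema particles over the limit."""
    # Schemas do not need a DTD; refuse one so this check does not expand
    # entities while inspecting untrusted input.
    if b"<!DOCTYPE" in xsd_bytes:
        raise ValueError("DOCTYPE not allowed in schema input")
    prefix = "{" + XSD_NS + "}"
    findings = []
    for elem in ET.fromstring(xsd_bytes).iter():
        raw = elem.get("maxOccurs")
        if raw is None or not elem.tag.startswith(prefix):
            continue
        raw = raw.strip()
        if raw == "unbounded":
            # Assumption: only large numeric values are flagged, matching the
            # advisory's wording; "unbounded" is not a number.
            continue
        name = elem.get("name") or elem.get("ref") or "?"
        try:
            too_large = int(raw) > limit
        except ValueError:
            too_large = True  # malformed value: report it rather than pass it on
        if too_large:
            findings.append((elem.tag[len(prefix):], name, raw))
    return findings


if __name__ == "__main__":
    for tag, name, value in find_large_max_occurs(SAMPLE_XSD):
        print(f"reject: <{tag} name={name!r}> maxOccurs={value}")
```

A check like this is a stopgap for hosts that still accept schemas from untrusted sources; the fix listed in the advisory is the upgrade to dev-libs/xerces-c 3.0.0-r1 or later.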
