Bug 38207 - xerces-c: Denial of service (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
Importance: P2 normal
Target Milestone: UCS 4.1-3-errata
Assigned To: Janek Walkenhorst
Arvid Requate
Reported: 2015-04-07 14:43 CEST by Arvid Requate
Modified: 2017-10-26 13:53 CEST (History)

What kind of report is it?: Security Issue
Bug group (optional): Security
requate: Patch_Available+

Description Arvid Requate univentionstaff 2015-04-07 14:43:12 CEST
Denial of service in internal/XMLReader.cpp via crafted XML data (CVE-2015-0252)
Comment 1 Arvid Requate univentionstaff 2015-05-06 16:42:21 CEST
Fixed in upstream Debian package version 3.1.1-3+deb7u1
Comment 2 Arvid Requate univentionstaff 2016-02-29 16:55:27 CET
Fixed in upstream Debian package version 3.1.1-3+deb7u2:

* Apache Xerces-C XML Parser Crashes on Malformed Input (CVE-2016-0729)
Comment 3 Arvid Requate univentionstaff 2016-05-23 15:10:57 CEST
Fixed in upstream Debian package version 3.1.1-3+deb7u3:

* Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier does not properly handle exceptions raised in the XMLReader class, which allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. (CVE-2016-2099)
Comment 4 Janek Walkenhorst univentionstaff 2016-07-01 18:53:48 CEST
Package        : xerces-c
Version        : 3.1.1-3+deb7u4
CVE ID         : CVE-2016-4463
Debian Bug     : 828990

Brandon Perry discovered that xerces-c, a validating XML parser library
for C++, fails to successfully parse a DTD that is deeply nested,
causing a stack overflow. A remote unauthenticated attacker can take
advantage of this flaw to cause a denial of service against applications
using the xerces-c library.

Additionally this update includes an enhancement to enable applications
to fully disable DTD processing through the use of an environment
variable (XERCES_DISABLE_DTD).

For Debian 7 "Wheezy", these problems have been fixed in version
3.1.1-3+deb7u4.
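The nested-DTD flaw in the advisory above is a recursion-depth problem: a recursive-descent scanner lets the input decide how many stack frames it consumes. The following toy scanner for DTD content-model groups is an added illustration of the mitigation class (a hard nesting cap that turns a stack overflow into a parse error); it is not xerces-c's code and not the upstream fix. It assumes that the nested construct is a parenthesised content-model group and that 64 levels is ample for legitimate DTDs; both are assumptions of this example, not statements from the advisory.

```cpp
// Added example (not xerces-c's code): a recursive-descent scanner for DTD
// content-model groups such as "(a,(b|c)*)" with an explicit nesting cap.
// Assumption of this example: the nested construct is a parenthesised group;
// the cap value (64) is likewise an assumption, not a value from the advisory.
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <string>

enum class ScanResult { Ok, TooDeep, Malformed };

class ContentModelScanner {
public:
    explicit ContentModelScanner(std::size_t maxDepth) : maxDepth_(maxDepth) {}

    // Scans a complete content model; the whole string must be consumed.
    ScanResult scan(const std::string& model) {
        src_ = &model;
        pos_ = 0;
        depth_ = 0;
        deepest_ = 0;
        ScanResult r = scanGroup();
        if (r == ScanResult::Ok && pos_ != model.size()) return ScanResult::Malformed;
        return r;
    }

    // Deepest group nesting reached by the last scan().
    std::size_t deepestNesting() const { return deepest_; }

private:
    // group := '(' cp (('|' | ',') cp)* ')' ('?' | '*' | '+')?
    // cp    := Name ('?' | '*' | '+')? | group
    ScanResult scanGroup() {
        if (peek() != '(') return ScanResult::Malformed;
        // Every nested group is another scanGroup() frame on the C++ stack.
        // Without this check the input, not the program, decides how deep
        // the recursion goes, which is the DoS class the advisory describes.
        if (++depth_ > maxDepth_) return ScanResult::TooDeep;
        if (depth_ > deepest_) deepest_ = depth_;
        ++pos_;  // consume '('
        for (;;) {
            ScanResult r = scanCp();
            if (r != ScanResult::Ok) return r;
            char c = peek();
            if (c == '|' || c == ',') { ++pos_; continue; }
            if (c == ')') { ++pos_; break; }
            return ScanResult::Malformed;
        }
        skipOccurrence();
        --depth_;
        return ScanResult::Ok;
    }

    ScanResult scanCp() {
        if (peek() == '(') return scanGroup();
        std::size_t start = pos_;
        while (isNameChar(peek())) ++pos_;
        if (pos_ == start) return ScanResult::Malformed;
        skipOccurrence();
        return ScanResult::Ok;
    }

    char peek() const { return pos_ < src_->size() ? (*src_)[pos_] : '\0'; }
    void skipOccurrence() {
        char c = peek();
        if (c == '?' || c == '*' || c == '+') ++pos_;
    }
    static bool isNameChar(char c) {
        return std::isalnum(static_cast<unsigned char>(c)) || c == '_' || c == '-' || c == '.' || c == ':';
    }

    const std::string* src_ = nullptr;
    std::size_t pos_ = 0;
    std::size_t depth_ = 0;
    std::size_t deepest_ = 0;
    std::size_t maxDepth_;
};

// Constructed sample input: n nested groups around one name, e.g. "(((a)))" for n = 3.
std::string nestedGroups(std::size_t n) {
    return std::string(n, '(') + "a" + std::string(n, ')');
}

int main() {
    ContentModelScanner scanner(64);
    const char* names[] = {"Ok", "TooDeep", "Malformed"};
    ScanResult r = scanner.scan("(a,(b|c)*,(d?|(e,f)+))");
    std::printf("legitimate model: %s (nesting %zu)\n", names[static_cast<int>(r)], scanner.deepestNesting());
    r = scanner.scan(nestedGroups(200000));
    std::printf("200000 nested groups: %s (stopped at nesting %zu)\n", names[static_cast<int>(r)], scanner.deepestNesting());
    return 0;
}
```

With the cap in place the 200000-level input is rejected after 65 frames instead of exhausting the stack; constructing the scanner with an effectively unlimited cap and feeding it a few million nested groups reproduces the crash class the advisory describes. The same depth-counter pattern applies to any recursive parser that handles attacker-controlled input, and it complements rather than replaces the option of disabling DTD processing altogether.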
Comment 5 Janek Walkenhorst univentionstaff 2016-08-26 13:04:45 CEST
Tests (i386): OK
Advisory: xerces-c.yaml
Comment 6 Arvid Requate univentionstaff 2016-09-05 18:03:15 CEST
Verified:
* 3.1.1-3+deb7u4 imported and built
* No UCS patches
* Package update Ok (amd64) (tested with open-vm-tools)
* Advisory Ok
Comment 7 Janek Walkenhorst univentionstaff 2016-09-07 18:41:36 CEST
<http://errata.software-univention.de/ucs/4.1/242.html>