Debian Security Advisory 3610-1

Debian Security Advisory 3610-1: Posted Jun 30, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3610-1 - Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library.; tags | advisory, remote, denial of service, overflow; systems | linux, debian; advisories | CVE-2016-4463; SHA-256 | 1f894b4a8b46f7ea26ba4c7e1e986dae118351e027465bbd76eee0989c28c308; Download | Favorite | View

Debian Security Advisory 3610-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 29, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xerces-c
CVE ID         : CVE-2016-4463
Debian Bug     : 828990

Brandon Perry discovered that xerces-c, a validating XML parser library
for C++, fails to successfully parse a DTD that is deeply nested,
causing a stack overflow. A remote unauthenticated attacker can take
advantage of this flaw to cause a denial of service against applications
using the xerces-c library.

Additionally this update includes an enhancement to enable applications
to fully disable DTD processing through the use of an environment
variable (XERCES_DISABLE_DTD).

For the stable distribution (jessie), this problem has been fixed in
version 3.1.1-5.1+deb8u3.

We recommend that you upgrade your xerces-c packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXdCslAAoJEAVMuPMTQ89EBXUP/1wAze1hP0PcbqqkMsBDevp4
N/+3a8ZYpq4XmcjDcZYVKwekYABJtOWnHTg/7h23dCyJUDjd28atk+DkiOtqbG19
5+SpnRnLAiRj6+2Ua8Bf7dh+ZyO3EoMMyQ0QVByADaRP/N4BIdYtImjDJcBCNyZd
2zwWhAEiIB55u30GAhvDCWsGwN5ucngOsjBI32MzKDGoYGM5gH1igTMz+21O0j7J
411BuZynQK/ZFOaQNnNRQh5Ne1ULCWHFlZOdaLv3Zietdtm9XrVaJZ6NnwK9HYvR
UTXXVj5JpJR0XOS85fmYogpjoL2aUUao8zVeGRPlSeg2rPg7IjS/fQXWAWjBVpt8
xkDMiPOo+ED+MNNGPSrsMdncNoD8PhdOGjOwhyHHD3e2wDq3p+6WoVRDU/pTLAc0
eNmMwcvbjugxzEhXMInTtRu9D++X65H/dVWoH/UWw9bMoQfz810+8AUBrc3Tgj3F
roFdmhvl2GJtoLtPYc9fIMuORuxe4cejMshhAweUJd0dZhtjQhQUj8jfeBSSaRJs
ova3BXgiegGbpl4liT2ds6ZUucJg9mZFSoRwEnZk3iXiBFM0G42BU8kajx6r+XWb
5N89ltkPa+QaRknhAGOcQGKZOtchYo4vb2jsryU99C2g1XZv81wrmqUnsdwbCSD5
2X7QhWMcTqpGgfm605x7
=6vFH
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Jay Turla 111 files
Ubuntu 63 files
Gentoo 33 files
Debian 27 files
sinn3r 23 files
h00die 23 files
Pedro Ribeiro 21 files
juan vazquez 18 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (377)
CentOS (58)
Cisco (1,944)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (386)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,966)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,788)
UNIX (9,443)
UnixWare (187)
Windows (6,732)
Other

Debian Security Advisory 3610-1

Debian Security Advisory 3610-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3610-1

Share This

Debian Security Advisory 3610-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems