-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3199-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso March 20, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xerces-c CVE ID : CVE-2015-0252 Debian Bug : 780827 Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. An unauthenticated attacker could use this flaw to cause an application using the xerces-c library to crash. For the stable distribution (wheezy), this problem has been fixed in version 3.1.1-3+deb7u1. We recommend that you upgrade your xerces-c packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVDGiSAAoJEAVMuPMTQ89EDVYP/2/J73RRNB/q9JUGnxW5jGKU Xv+Qns5Fy7aSMY5U68xBxu6bKyooeH7ntFZLJ4kgkfzausKj9TwjFc/nNPEEPtYW QapJwCLGLcbdaYC2v/aD7eb8eeWp5ju8hOhBkjjUoawaSmWSNHx0FeCVaCqo5uvQ 1g5FFAia7/8MJ7Ngp2msOdxTWv2h1RSRxdEh6TBCA41iwGHB6YjN8ACZxH6MLzmd m0ttpS+uk2eGTujyoB0FgipASEEwDwGRg+JnYHUjj0NhhIKwK9lmnxg5h/Nen5q2 OWo/Xyspc4DnZYZDRu2bqu7zSPKouyyc1IbDXIp+sWuPQX74BscmmK4TNGQjCrnZ 87/SwzZnqoGhzLA5lrpa8o6jfBFz9li8KE+IPkldIEdr2jdf5nqqSv5ZBEUEBqmN W/KvK1bAAJrZd1lYdtViiYNhpEH6EkLAxde9aShVGQyFTZTBGyrTpK/L3C6OGBd2 3DdN6DZsZOsk5udg78jhd8w6rYnRwbilIkUDE6pwcgSgmkHbzdJHhXGHaOfVgVCi uQ4Q9Ck5hsjTVTtsqkaO+8Xgqrpyb/NYrs8wRqySKqQyr3iuJUvv49UsQWJvwGfF Z9E4kBnuPVILpX8TkYEgDRCex+nxNoAcBVK+IJWQt5mYjEFi5QHeRtbG2CemZ45M XpEHKaBq4axzUk3hMBdK =Pf/K -----END PGP SIGNATURE-----