doc/html/secadv/CVE-2016-0729.txt - xerces-c - Git at Google

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256

 CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input

 Severity: Critical

 Vendor: The Apache Software Foundation

 Versions Affected: Apache Xerces-C XML Parser library versions
 prior to V3.1.3

 Description: The Xerces-C XML parser mishandles certain kinds of malformed
 input documents, resulting in buffer overlows during processing and error
 reporting. The overflows can manifest as a segmentation fault or as memory
 corruption during a parse operation. The bugs allow for a denial of service
 attack in many applications by an unauthenticated attacker, and could
 conceivably result in remote code execution.

 Mitigation: Applications that are using library versions older than
 V3.1.3 should upgrade as soon as possible. Distributors of older versions
 should apply the patches from this subversion revision:

 http://svn.apache.org/viewvc?view=revision&revision=1727978

 Credit: This issue was reported by Gustavo Grieco.

 References:
 http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt

 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2

 iQIcBAEBCAAGBQJWzlsyAAoJEDeLhFQCJ3liUAsP/Rr4rBKVPxOw3+5JDiQWT27y
 /TT1kLFV+u6LtuBL3q6rwOIANquEMP1nJPVuYtceNF66xHi7eX6HZ8jZch6T+uvZ
 Bt+kUTOfG4PW1RLm83W1kof58PTI5mIYBWofAQzXm9TSyvoHF5GXWqzNyGOKauYN
 pto5xvJzEN5gM7DjbXF8OoIesNVaqCnr+9A2WmCCdNGNzSQLlUVDg9kDvXUdDvHD
 +TXHDfgP8OSEYl5e3B3P5OV6SzUi2xdATR6zQgb1QANJy7FoK/FOP5+2J8ccultu
 mXlVHpsGlPoIi85nyKVykK3hTT4DyhqSwCa9ek3D5i7lIEk2dXxeevh90is3y/Al
 0GSUoG7yXbfe7xmlcUUghdYeYBP6JSOiOqAREUsKfY6nYo4XpGwvJRz/Xgk7iw9y
 p39sCIKuJBpqe1Vgy8ONeTFc0WZkkriq23n2oZ4zxoOImF5k44f01olZhA/wmE1P
 Wi6Qrafn6myUtp1TAXWoakfxJo0DgHfH6fazlmYSPHIyfLShrAcG6aETDn92KsDp
 gy4a5ulP/qpkncJrF2+XeM1wgQSTpUln2664fSwRw5whqg/PW/qGx+/1sltwOSQe
 l4bvQhr9xvkv+W++aPFgmJF3HW0Gnsglty6KQAcQ/RqheZ+/vL9buCqWw2xg4bkN
 BQJ4QvN4uaHIUxhzVfiL
 =vI5o
 -----END PGP SIGNATURE-----
	-----BEGIN PGP SIGNED MESSAGE-----
	Hash: SHA256

	CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input

	Severity: Critical

	Vendor: The Apache Software Foundation

	Versions Affected: Apache Xerces-C XML Parser library versions
	prior to V3.1.3

	Description: The Xerces-C XML parser mishandles certain kinds of malformed
	input documents, resulting in buffer overlows during processing and error
	reporting. The overflows can manifest as a segmentation fault or as memory
	corruption during a parse operation. The bugs allow for a denial of service
	attack in many applications by an unauthenticated attacker, and could
	conceivably result in remote code execution.

	Mitigation: Applications that are using library versions older than
	V3.1.3 should upgrade as soon as possible. Distributors of older versions
	should apply the patches from this subversion revision:

	http://svn.apache.org/viewvc?view=revision&revision=1727978

	Credit: This issue was reported by Gustavo Grieco.

	References:
	http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt

	-----BEGIN PGP SIGNATURE-----
	Version: GnuPG v2

	iQIcBAEBCAAGBQJWzlsyAAoJEDeLhFQCJ3liUAsP/Rr4rBKVPxOw3+5JDiQWT27y
	/TT1kLFV+u6LtuBL3q6rwOIANquEMP1nJPVuYtceNF66xHi7eX6HZ8jZch6T+uvZ
	Bt+kUTOfG4PW1RLm83W1kof58PTI5mIYBWofAQzXm9TSyvoHF5GXWqzNyGOKauYN
	pto5xvJzEN5gM7DjbXF8OoIesNVaqCnr+9A2WmCCdNGNzSQLlUVDg9kDvXUdDvHD
	+TXHDfgP8OSEYl5e3B3P5OV6SzUi2xdATR6zQgb1QANJy7FoK/FOP5+2J8ccultu
	mXlVHpsGlPoIi85nyKVykK3hTT4DyhqSwCa9ek3D5i7lIEk2dXxeevh90is3y/Al
	0GSUoG7yXbfe7xmlcUUghdYeYBP6JSOiOqAREUsKfY6nYo4XpGwvJRz/Xgk7iw9y
	p39sCIKuJBpqe1Vgy8ONeTFc0WZkkriq23n2oZ4zxoOImF5k44f01olZhA/wmE1P
	Wi6Qrafn6myUtp1TAXWoakfxJo0DgHfH6fazlmYSPHIyfLShrAcG6aETDn92KsDp
	gy4a5ulP/qpkncJrF2+XeM1wgQSTpUln2664fSwRw5whqg/PW/qGx+/1sltwOSQe
	l4bvQhr9xvkv+W++aPFgmJF3HW0Gnsglty6KQAcQ/RqheZ+/vL9buCqWw2xg4bkN
	BQJ4QvN4uaHIUxhzVfiL
	=vI5o
	-----END PGP SIGNATURE-----