Security update for xerces-c SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0966-1 Final 1 1 2016-04-07T08:05:56Z current 2016-04-07T08:05:56Z 2016-04-07T08:05:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xerces-c This update for xerces-c fixes the following security issues: - CVE-2016-0729: Fix for mishandling certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (boo#966822) - CVE-2015-0252: Fix for mishandling certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation (boo#920810) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html E-Mail link for openSUSE-SU-2016:0966-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 libxerces-c-3_1-3.1.1-13.3.1 libxerces-c-3_1-32bit-3.1.1-13.3.1 libxerces-c-3_1-debuginfo-3.1.1-13.3.1 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.1 libxerces-c-devel-3.1.1-13.3.1 xerces-c-3.1.1-13.3.1 xerces-c-debuginfo-3.1.1-13.3.1 xerces-c-debugsource-3.1.1-13.3.1 libxerces-c-3_1-3.1.1-13.3.1 as a component of openSUSE 13.2 libxerces-c-3_1-32bit-3.1.1-13.3.1 as a component of openSUSE 13.2 libxerces-c-3_1-debuginfo-3.1.1-13.3.1 as a component of openSUSE 13.2 libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.1 as a component of openSUSE 13.2 libxerces-c-devel-3.1.1-13.3.1 as a component of openSUSE 13.2 xerces-c-3.1.1-13.3.1 as a component of openSUSE 13.2 xerces-c-debuginfo-3.1.1-13.3.1 as a component of openSUSE 13.2 xerces-c-debugsource-3.1.1-13.3.1 as a component of openSUSE 13.2 internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. CVE-2015-0252 openSUSE 13.2:libxerces-c-3_1-3.1.1-13.3.1 openSUSE 13.2:libxerces-c-3_1-32bit-3.1.1-13.3.1 openSUSE 13.2:libxerces-c-3_1-debuginfo-3.1.1-13.3.1 openSUSE 13.2:libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.1 openSUSE 13.2:libxerces-c-devel-3.1.1-13.3.1 openSUSE 13.2:xerces-c-3.1.1-13.3.1 openSUSE 13.2:xerces-c-debuginfo-3.1.1-13.3.1 openSUSE 13.2:xerces-c-debugsource-3.1.1-13.3.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html https://www.suse.com/security/cve/CVE-2015-0252.html CVE-2015-0252 https://bugzilla.suse.com/920810 SUSE Bug 920810 Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. CVE-2016-0729 openSUSE 13.2:libxerces-c-3_1-3.1.1-13.3.1 openSUSE 13.2:libxerces-c-3_1-32bit-3.1.1-13.3.1 openSUSE 13.2:libxerces-c-3_1-debuginfo-3.1.1-13.3.1 openSUSE 13.2:libxerces-c-3_1-debuginfo-32bit-3.1.1-13.3.1 openSUSE 13.2:libxerces-c-devel-3.1.1-13.3.1 openSUSE 13.2:xerces-c-3.1.1-13.3.1 openSUSE 13.2:xerces-c-debuginfo-3.1.1-13.3.1 openSUSE 13.2:xerces-c-debugsource-3.1.1-13.3.1 moderate 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html https://www.suse.com/security/cve/CVE-2016-0729.html CVE-2016-0729 https://bugzilla.suse.com/966822 SUSE Bug 966822