Please delete this account from the thread. My father passed away last year.
On 1 March 2018 at 02:15, Cantor, Scott <canto...@osu.edu> wrote:
> CVE-2017-12627: Apache Xerces-C DTD vulnerability processing external paths
>
> Severity: Medium
>
> Vendor: The Apache Software Foundation
>
> Versions Affected: Apache Xerces-C XML Parser library versions
> prior to V3.2.1
>
> Description: The Xerces-C XML parser mishandles certain kinds of external
> DTD references, resulting in dereference of a NULL pointer while processing
> the path to the DTD. The bug allows for a denial of service attack in
> applications that allow DTD processing and do not prevent external DTD
> usage, and could conceivably result in remote code execution.
>
> Mitigation: Applications that are using library versions older than
> V3.2.1 should upgrade as soon as possible. Distributors of older versions
> should apply the patch from this subversion revision:
>
> http://svn.apache.org/viewvc?view=revision&revision=1819998
>
> Applications should strongly consider blocking remote entity resolution
> and/or outright disabling of DTD processing in light of the continued
> identification of bugs in this area of the library.
>
> Credit: This issue was reported by Alberto Garcia, Francisco Oca,
> and Suleman Ali of Offensive Research at Salesforce.com.
>
> References:
> http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
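
One way to act on the advisory's advice to disable DTD processing outright, as an added example that is not part of the original message and is not Xerces-C code: a pre-parse gate that refuses any document carrying a DOCTYPE before its bytes reach the parser. The enum and function names are hypothetical, and the gate assumes the document is held in memory in an ASCII-compatible encoding; it sits in front of the parser and does not replace the upgrade to V3.2.1.

```cpp
#include <cstddef>
#include <string>

// Added example, not Xerces-C code. All names below are hypothetical.
enum class Prolog { NoDoctype, DoctypeOther, DoctypeExternalId, Unscannable };

static bool at(const std::string& s, std::size_t i, const std::string& tok) {
    return s.compare(i, tok.size(), tok) == 0;
}
static bool is_ws(char c) { return c == ' ' || c == '\t' || c == '\r' || c == '\n'; }

// Classify the prolog of an XML document held in memory. Assumes an
// ASCII-compatible encoding; anything else is reported as Unscannable.
Prolog classify_prolog(const std::string& xml) {
    // NUL bytes mean UTF-16/32, where a byte scan cannot see "<!DOCTYPE".
    if (xml.find('\0') != std::string::npos) return Prolog::Unscannable;
    std::size_t i = at(xml, 0, "\xEF\xBB\xBF") ? 3 : 0;  // skip a UTF-8 BOM
    while (i < xml.size()) {
        if (is_ws(xml[i])) { ++i; continue; }
        if (at(xml, i, "<!--") || at(xml, i, "<?")) {  // comment, PI or XML declaration
            const bool comment = xml[i + 1] == '!';
            const std::size_t end = xml.find(comment ? "-->" : "?>", i + (comment ? 4 : 2));
            if (end == std::string::npos) return Prolog::Unscannable;
            i = end + (comment ? 3 : 2);
            continue;
        }
        if (at(xml, i, "<!DOCTYPE")) {
            std::size_t j = i + 9;
            while (j < xml.size() && is_ws(xml[j])) ++j;  // space before the name
            while (j < xml.size() && !is_ws(xml[j]) && xml[j] != '[' && xml[j] != '>') ++j;
            while (j < xml.size() && is_ws(xml[j])) ++j;  // space after the name
            return (at(xml, j, "SYSTEM") || at(xml, j, "PUBLIC"))
                       ? Prolog::DoctypeExternalId : Prolog::DoctypeOther;
        }
        // Prolog is over: a root element starts with '<' plus a name character.
        if (xml[i] == '<' && i + 1 < xml.size() && xml[i + 1] != '!') return Prolog::NoDoctype;
        return Prolog::Unscannable;  // fail closed on anything unexpected
    }
    return Prolog::Unscannable;  // empty or whitespace-only input
}

// Policy: only documents with no DOCTYPE at all reach the parser. An internal
// subset can still declare external entities, so it is refused as well.
bool admit_to_parser(const std::string& xml) {
    return classify_prolog(xml) == Prolog::NoDoctype;
}
```

Logging the verdict for refused documents shows whether legitimate senders still rely on DTDs before the gate is enforced.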