Author: scantor
Date: Thu Feb 25 23:51:27 2016
New Revision: 1732402

URL: http://svn.apache.org/viewvc?rev=1732402&view=rev
Log:
Add latest security advisory.

Added:
    xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt   (with props)
Modified:
    xerces/site/trunk/production/xerces-c/secadv.html

Modified: xerces/site/trunk/production/xerces-c/secadv.html
URL: http://svn.apache.org/viewvc/xerces/site/trunk/production/xerces-c/secadv.html?rev=1732402&r1=1732401&r2=1732402&view=diff
==============================================================================
--- xerces/site/trunk/production/xerces-c/secadv.html (original)
+++ xerces/site/trunk/production/xerces-c/secadv.html Thu Feb 25 23:51:27 2016
@@ -69,6 +69,14 @@
 
 <IMG border="0" height="14" hspace="0" src="resources/close.gif" vspace="0" 
width="120"><BR></TD><TD align="left" valign="top" width="500"><TABLE 
border="0" cellpadding="3" cellspacing="0"><TR><TD>
 
+<TABLE border="0" cellpadding="0" cellspacing="0" width="494"><TR><TD 
bgcolor="ffffff" colspan="2" width="494"><TABLE border="0" cellpadding="0" 
cellspacing="0" width="494"><TR><TD bgcolor="#039acc" height="1" width="1"><IMG 
border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" 
width="1"></TD><TD bgcolor="#039acc" height="1" width="492"><IMG border="0" 
height="1" hspace="0" src="resources/void.gif" vspace="0" width="492"></TD><TD 
bgcolor="#0086b2" height="1" width="1"><IMG border="0" height="1" hspace="0" 
src="resources/void.gif" vspace="0" width="1"></TD></TR><TR><TD 
bgcolor="#039acc" width="1"><IMG border="0" height="1" hspace="0" 
src="resources/void.gif" vspace="0" width="1"></TD><TD bgcolor="#0086b2" 
width="492"><FONT color="#ffffff" face="arial,helvetica,sanserif" 
size="+1"><IMG border="0" height="2" hspace="0" src="resources/void.gif" 
vspace="0" width="2"><B>Addressed in 3.1.3 and Later 
Releases</B></FONT></TD><TD bgcolor="#017299" width="1"><IMG border="0" heig
 ht="1" hspace="0" src="resources/void.gif" vspace="0" 
width="1"></TD></TR><TR><TD bgcolor="#0086b2" height="1" width="1"><IMG 
border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" 
width="1"></TD><TD bgcolor="#017299" height="1" width="492"><IMG border="0" 
height="1" hspace="0" src="resources/void.gif" vspace="0" width="492"></TD><TD 
bgcolor="#017299" height="1" width="1"><IMG border="0" height="1" hspace="0" 
src="resources/void.gif" vspace="0" 
width="1"></TD></TR></TABLE></TD></TR><TR><TD width="10">&nbsp;</TD><TD 
width="484"><FONT color="#000000" face="arial,helvetica,sanserif">
+<P>The following security advisories apply to versions of
+Xerces-C older than V3.1.3:</P>
+<UL>
+  <LI><A href="secadv/CVE-2016-0729.txt">CVE-2016-0729: Apache Xerces-C XML 
Parser Crashes on Malformed Input</A></LI>
+</UL>
+</FONT></TD></TR></TABLE><BR>
+
 <TABLE border="0" cellpadding="0" cellspacing="0" width="494"><TR><TD 
bgcolor="ffffff" colspan="2" width="494"><TABLE border="0" cellpadding="0" 
cellspacing="0" width="494"><TR><TD bgcolor="#039acc" height="1" width="1"><IMG 
border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" 
width="1"></TD><TD bgcolor="#039acc" height="1" width="492"><IMG border="0" 
height="1" hspace="0" src="resources/void.gif" vspace="0" width="492"></TD><TD 
bgcolor="#0086b2" height="1" width="1"><IMG border="0" height="1" hspace="0" 
src="resources/void.gif" vspace="0" width="1"></TD></TR><TR><TD 
bgcolor="#039acc" width="1"><IMG border="0" height="1" hspace="0" 
src="resources/void.gif" vspace="0" width="1"></TD><TD bgcolor="#0086b2" 
width="492"><FONT color="#ffffff" face="arial,helvetica,sanserif" 
size="+1"><IMG border="0" height="2" hspace="0" src="resources/void.gif" 
vspace="0" width="2"><B>Addressed in 3.1.2 and Later 
Releases</B></FONT></TD><TD bgcolor="#017299" width="1"><IMG border="0" heig
 ht="1" hspace="0" src="resources/void.gif" vspace="0" 
width="1"></TD></TR><TR><TD bgcolor="#0086b2" height="1" width="1"><IMG 
border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" 
width="1"></TD><TD bgcolor="#017299" height="1" width="492"><IMG border="0" 
height="1" hspace="0" src="resources/void.gif" vspace="0" width="492"></TD><TD 
bgcolor="#017299" height="1" width="1"><IMG border="0" height="1" hspace="0" 
src="resources/void.gif" vspace="0" 
width="1"></TD></TR></TABLE></TD></TR><TR><TD width="10">&nbsp;</TD><TD 
width="484"><FONT color="#000000" face="arial,helvetica,sanserif">
 <P>The following security advisories apply to versions of
 Xerces-C older than V3.1.2:</P>
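Review bot: The added section header carries `bgcolor="ffffff"` without the leading `#` on its outer TD, while every other colour in the same added block is written as `#039acc`, `#0086b2` or `#017299`. The value is copied from the existing 3.1.2 header shown in the context lines, so both places should be changed to `#ffffff` for consistency. The new 3.1.3 block also duplicates the whole spacer-table header markup of the 3.1.2 section; if this page is generated from a source document, the change belongs in that source rather than in the rendered HTML so the two sections cannot drift apart.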

Added: xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt
URL: http://svn.apache.org/viewvc/xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt?rev=1732402&view=auto
==============================================================================
--- xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt (added)
+++ xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt Thu Feb 25 
23:51:27 2016
@@ -0,0 +1,48 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
+
+Severity: Critical
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Apache Xerces-C XML Parser library versions
+prior to V3.1.3
+
+Description: The Xerces-C XML parser mishandles certain kinds of malformed
+input documents, resulting in buffer overlows during processing and error
+reporting. The overflows can manifest as a segmentation fault or as memory
+corruption during a parse operation. The bugs allow for a denial of service
+attack in many applications by an unauthenticated attacker, and could
+conceivably result in remote code execution.
+
+Mitigation: Applications that are using library versions older than
+V3.1.3 should upgrade as soon as possible. Distributors of older versions
+should apply the patches from this subversion revision:
+
+http://svn.apache.org/viewvc?view=revision&revision=1727978
+
+Credit: This issue was reported by Gustavo Grieco.
+
+References:
+http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+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+=vI5o
+-----END PGP SIGNATURE-----
+
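Review bot: The Description paragraph has a typo, "buffer overlows" should read "buffer overflows", and because the advisory is a PGP clearsigned message the text cannot be corrected in place without invalidating the signature, so the fix needs a re-signed copy. Two smaller points on the same file: the Mitigation and References links are plain `http://` URLs, so anyone following the patch link should check the revision number (1727978) against the signed text rather than trusting the transport, and the title describes the issue as "Crashes on Malformed Input" while the body rates it Critical with possible remote code execution, which a reader skimming the index page added in secadv.html could underestimate.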

Propchange: xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt
------------------------------------------------------------------------------
    svn:eol-style = native


