Author: scantor Date: Thu Feb 25 23:51:27 2016 New Revision: 1732402 URL: http://svn.apache.org/viewvc?rev=1732402&view=rev Log: Add latest security advisory.
Added: xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt (with props) Modified: xerces/site/trunk/production/xerces-c/secadv.html Modified: xerces/site/trunk/production/xerces-c/secadv.html URL: http://svn.apache.org/viewvc/xerces/site/trunk/production/xerces-c/secadv.html?rev=1732402&r1=1732401&r2=1732402&view=diff ============================================================================== --- xerces/site/trunk/production/xerces-c/secadv.html (original) +++ xerces/site/trunk/production/xerces-c/secadv.html Thu Feb 25 23:51:27 2016 @@ -69,6 +69,14 @@ <IMG border="0" height="14" hspace="0" src="resources/close.gif" vspace="0" width="120"><BR></TD><TD align="left" valign="top" width="500"><TABLE border="0" cellpadding="3" cellspacing="0"><TR><TD> +<TABLE border="0" cellpadding="0" cellspacing="0" width="494"><TR><TD bgcolor="ffffff" colspan="2" width="494"><TABLE border="0" cellpadding="0" cellspacing="0" width="494"><TR><TD bgcolor="#039acc" height="1" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD><TD bgcolor="#039acc" height="1" width="492"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="492"></TD><TD bgcolor="#0086b2" height="1" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD></TR><TR><TD bgcolor="#039acc" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD><TD bgcolor="#0086b2" width="492"><FONT color="#ffffff" face="arial,helvetica,sanserif" size="+1"><IMG border="0" height="2" hspace="0" src="resources/void.gif" vspace="0" width="2"><B>Addressed in 3.1.3 and Later Releases</B></FONT></TD><TD bgcolor="#017299" width="1"><IMG border="0" heig ht="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD></TR><TR><TD bgcolor="#0086b2" height="1" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD><TD bgcolor="#017299" height="1" width="492"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="492"></TD><TD bgcolor="#017299" height="1" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD></TR></TABLE></TD></TR><TR><TD width="10"> </TD><TD width="484"><FONT color="#000000" face="arial,helvetica,sanserif"> +<P>The following security advisories apply to versions of +Xerces-C older than V3.1.3:</P> +<UL> + <LI><A href="secadv/CVE-2016-0729.txt">CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input</A></LI> +</UL> +</FONT></TD></TR></TABLE><BR> + <TABLE border="0" cellpadding="0" cellspacing="0" width="494"><TR><TD bgcolor="ffffff" colspan="2" width="494"><TABLE border="0" cellpadding="0" cellspacing="0" width="494"><TR><TD bgcolor="#039acc" height="1" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD><TD bgcolor="#039acc" height="1" width="492"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="492"></TD><TD bgcolor="#0086b2" height="1" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD></TR><TR><TD bgcolor="#039acc" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD><TD bgcolor="#0086b2" width="492"><FONT color="#ffffff" face="arial,helvetica,sanserif" size="+1"><IMG border="0" height="2" hspace="0" src="resources/void.gif" vspace="0" width="2"><B>Addressed in 3.1.2 and Later Releases</B></FONT></TD><TD bgcolor="#017299" width="1"><IMG border="0" heig ht="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD></TR><TR><TD bgcolor="#0086b2" height="1" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD><TD bgcolor="#017299" height="1" width="492"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="492"></TD><TD bgcolor="#017299" height="1" width="1"><IMG border="0" height="1" hspace="0" src="resources/void.gif" vspace="0" width="1"></TD></TR></TABLE></TD></TR><TR><TD width="10"> </TD><TD width="484"><FONT color="#000000" face="arial,helvetica,sanserif"> <P>The following security advisories apply to versions of Xerces-C older than V3.1.2:</P> Added: xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt URL: http://svn.apache.org/viewvc/xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt?rev=1732402&view=auto ============================================================================== --- xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt (added) +++ xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt Thu Feb 25 23:51:27 2016 @@ -0,0 +1,48 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input + +Severity: Critical + +Vendor: The Apache Software Foundation + +Versions Affected: Apache Xerces-C XML Parser library versions +prior to V3.1.3 + +Description: The Xerces-C XML parser mishandles certain kinds of malformed +input documents, resulting in buffer overlows during processing and error +reporting. The overflows can manifest as a segmentation fault or as memory +corruption during a parse operation. The bugs allow for a denial of service +attack in many applications by an unauthenticated attacker, and could +conceivably result in remote code execution. + +Mitigation: Applications that are using library versions older than +V3.1.3 should upgrade as soon as possible. Distributors of older versions +should apply the patches from this subversion revision: + +http://svn.apache.org/viewvc?view=revision&revision=1727978 + +Credit: This issue was reported by Gustavo Grieco. + +References: +http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAEBCAAGBQJWzlsyAAoJEDeLhFQCJ3liUAsP/Rr4rBKVPxOw3+5JDiQWT27y +/TT1kLFV+u6LtuBL3q6rwOIANquEMP1nJPVuYtceNF66xHi7eX6HZ8jZch6T+uvZ +Bt+kUTOfG4PW1RLm83W1kof58PTI5mIYBWofAQzXm9TSyvoHF5GXWqzNyGOKauYN +pto5xvJzEN5gM7DjbXF8OoIesNVaqCnr+9A2WmCCdNGNzSQLlUVDg9kDvXUdDvHD ++TXHDfgP8OSEYl5e3B3P5OV6SzUi2xdATR6zQgb1QANJy7FoK/FOP5+2J8ccultu +mXlVHpsGlPoIi85nyKVykK3hTT4DyhqSwCa9ek3D5i7lIEk2dXxeevh90is3y/Al +0GSUoG7yXbfe7xmlcUUghdYeYBP6JSOiOqAREUsKfY6nYo4XpGwvJRz/Xgk7iw9y +p39sCIKuJBpqe1Vgy8ONeTFc0WZkkriq23n2oZ4zxoOImF5k44f01olZhA/wmE1P +Wi6Qrafn6myUtp1TAXWoakfxJo0DgHfH6fazlmYSPHIyfLShrAcG6aETDn92KsDp +gy4a5ulP/qpkncJrF2+XeM1wgQSTpUln2664fSwRw5whqg/PW/qGx+/1sltwOSQe +l4bvQhr9xvkv+W++aPFgmJF3HW0Gnsglty6KQAcQ/RqheZ+/vL9buCqWw2xg4bkN +BQJ4QvN4uaHIUxhzVfiL +=vI5o +-----END PGP SIGNATURE----- + Propchange: xerces/site/trunk/production/xerces-c/secadv/CVE-2016-0729.txt ------------------------------------------------------------------------------ svn:eol-style = native --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@xerces.apache.org For additional commands, e-mail: commits-h...@xerces.apache.org