You are here
Home > Preporuke > Ranjivosti programskog paketa xerces-c

Ranjivosti programskog paketa xerces-c

——————————————————————————–
Fedora Update Notification
FEDORA-2016-9284772686
2016-07-02 13:28:24.861888
——————————————————————————–

Name : xerces-c
Product : Fedora 24
Version : 3.1.4
Release : 1.fc24
URL : http://xml.apache.org/xerces-c/
Summary : Validating XML Parser
Description :
Xerces-C is a validating XML parser written in a portable
subset of C++. Xerces-C makes it easy to give your application the
ability to read and write XML data. A shared library is provided for
parsing, generating, manipulating, and validating XML
documents. Xerces-C is faithful to the XML 1.0 recommendation and
associated standards: XML 1.0 (Third Edition), XML 1.1 (First
Edition), DOM Level 1, 2, 3 Core, DOM Level 2.0 Traversal and Range,
DOM Level 3.0 Load and Save, SAX 1.0 and SAX 2.0, Namespaces in XML,
Namespaces in XML 1.1, XML Schema, XML Inclusions).

——————————————————————————–
Update Information:

Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463
——————————————————————————–
References:

[ 1 ] Bug #1348845 – CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
https://bugzilla.redhat.com/show_bug.cgi?id=1348845
[ 2 ] Bug #1310699 – CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input
https://bugzilla.redhat.com/show_bug.cgi?id=1310699
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update xerces-c’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

 

 

——————————————————————————–
Fedora Update Notification
FEDORA-2016-0a061f6dd9
2016-07-05 03:16:56.305416
——————————————————————————–

Name        : mingw-xerces-c
Product     : Fedora 24
Version     : 3.1.4
Release     : 1.fc24
URL         : http://xml.apache.org/xerces-c/
Summary     : MingGW Windows validating XML parser
Description :
Xerces-C is a validating XML parser written in a portable subset of
C++. Xerces-C makes it easy to give your application the ability to
read and write XML data. A shared library is provided for parsing,
generating, manipulating, and validating XML documents. Xerces-C is
faithful to the XML 1.0 recommendation and associated standards (DOM
1.0, DOM 2.0. SAX 1.0, SAX 2.0, Namespaces).

——————————————————————————–
Update Information:

MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and
CVE-2016-4463
——————————————————————————–
References:

  [ 1 ] Bug #1348845 – CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
        https://bugzilla.redhat.com/show_bug.cgi?id=1348845
  [ 2 ] Bug #1310699 – CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input
        https://bugzilla.redhat.com/show_bug.cgi?id=1310699
  [ 3 ] Bug #1312231 – CVE-2016-0729 xerces-c: parser crashes on malformed input
        https://bugzilla.redhat.com/show_bug.cgi?id=1312231
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update mingw-xerces-c’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
 

 

——————————————————————————–
Fedora Update Notification
FEDORA-2016-d2d6890690
2016-07-06 05:18:34.927252
——————————————————————————–

Name        : xerces-c
Product     : Fedora 23
Version     : 3.1.4
Release     : 1.fc23
URL         : http://xml.apache.org/xerces-c/
Summary     : Validating XML Parser
Description :
Xerces-C is a validating XML parser written in a portable
subset of C++. Xerces-C makes it easy to give your application the
ability to read and write XML data. A shared library is provided for
parsing, generating, manipulating, and validating XML
documents. Xerces-C is faithful to the XML 1.0 recommendation and
associated standards: XML 1.0 (Third Edition), XML 1.1 (First
Edition), DOM Level 1, 2, 3 Core, DOM Level 2.0 Traversal and Range,
DOM Level 3.0 Load and Save, SAX 1.0 and SAX 2.0, Namespaces in XML,
Namespaces in XML 1.1, XML Schema, XML Inclusions).

——————————————————————————–
Update Information:

Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463
——————————————————————————–
References:

  [ 1 ] Bug #1348845 – CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
        https://bugzilla.redhat.com/show_bug.cgi?id=1348845
  [ 2 ] Bug #1310699 – CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input
        https://bugzilla.redhat.com/show_bug.cgi?id=1310699
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update xerces-c’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2016-87e8468465
2016-07-06 05:18:34.927102
——————————————————————————–

Name        : mingw-xerces-c
Product     : Fedora 23
Version     : 3.1.4
Release     : 1.fc23
URL         : http://xml.apache.org/xerces-c/
Summary     : MingGW Windows validating XML parser
Description :
Xerces-C is a validating XML parser written in a portable subset of
C++. Xerces-C makes it easy to give your application the ability to
read and write XML data. A shared library is provided for parsing,
generating, manipulating, and validating XML documents. Xerces-C is
faithful to the XML 1.0 recommendation and associated standards (DOM
1.0, DOM 2.0. SAX 1.0, SAX 2.0, Namespaces).

——————————————————————————–
Update Information:

MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and
CVE-2016-4463
——————————————————————————–
References:

  [ 1 ] Bug #1348845 – CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
        https://bugzilla.redhat.com/show_bug.cgi?id=1348845
  [ 2 ] Bug #1310699 – CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input
        https://bugzilla.redhat.com/show_bug.cgi?id=1310699
  [ 3 ] Bug #1312231 – CVE-2016-0729 xerces-c: parser crashes on malformed input
        https://bugzilla.redhat.com/show_bug.cgi?id=1312231
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update mingw-xerces-c’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2016-84373c5f4f
2016-07-06 05:18:33.291671
——————————————————————————–

Name        : xerces-c
Product     : Fedora 22
Version     : 3.1.4
Release     : 1.fc22
URL         : http://xml.apache.org/xerces-c/
Summary     : Validating XML Parser
Description :
Xerces-C is a validating XML parser written in a portable
subset of C++. Xerces-C makes it easy to give your application the
ability to read and write XML data. A shared library is provided for
parsing, generating, manipulating, and validating XML
documents. Xerces-C is faithful to the XML 1.0 recommendation and
associated standards: XML 1.0 (Third Edition), XML 1.1 (First
Edition), DOM Level 1, 2, 3 Core, DOM Level 2.0 Traversal and Range,
DOM Level 3.0 Load and Save, SAX 1.0 and SAX 2.0, Namespaces in XML,
Namespaces in XML 1.1, XML Schema, XML Inclusions).

——————————————————————————–
Update Information:

Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463
——————————————————————————–
References:

  [ 1 ] Bug #1348845 – CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
        https://bugzilla.redhat.com/show_bug.cgi?id=1348845
  [ 2 ] Bug #1310699 – CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input
        https://bugzilla.redhat.com/show_bug.cgi?id=1310699
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update xerces-c’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2016-7615febbd6
2016-07-06 05:18:33.291514
——————————————————————————–

Name        : mingw-xerces-c
Product     : Fedora 22
Version     : 3.1.4
Release     : 1.fc22
URL         : http://xml.apache.org/xerces-c/
Summary     : MingGW Windows validating XML parser
Description :
Xerces-C is a validating XML parser written in a portable subset of
C++. Xerces-C makes it easy to give your application the ability to
read and write XML data. A shared library is provided for parsing,
generating, manipulating, and validating XML documents. Xerces-C is
faithful to the XML 1.0 recommendation and associated standards (DOM
1.0, DOM 2.0. SAX 1.0, SAX 2.0, Namespaces).

——————————————————————————–
Update Information:

MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and
CVE-2016-4463
——————————————————————————–
References:

  [ 1 ] Bug #1348845 – CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
        https://bugzilla.redhat.com/show_bug.cgi?id=1348845
  [ 2 ] Bug #1310699 – CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input
        https://bugzilla.redhat.com/show_bug.cgi?id=1310699
  [ 3 ] Bug #1312231 – CVE-2016-0729 xerces-c: parser crashes on malformed input
        https://bugzilla.redhat.com/show_bug.cgi?id=1312231
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update mingw-xerces-c’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

 

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa phpMyAdmin

Otkriveni su sigurnosni nedostaci u programskom paketu phpMyAdmin za Fedoru. Otkriveni nedostaci potencijalnim napadačima omogućuju umetanje BBcode-a, umetanje proizvoljnih vrijednosti...

Close