Bug 1551525 (CVE-2017-12627)
| Summary: | CVE-2017-12627 xerces-c: Null pointer dereference while processing the path to DTD allows denial of service | | |
| --- | --- | --- | --- |
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | antti.andreimann, bhu, erik-fedora, iboverma, jross, klember, mcressma, rrajasek, volker27, williams, xavier |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | xerces-c 3.2.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-10-21 19:55:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1551526, 1551527, 1551528, 1551529, 1551530, 1552420, 1552421 | | |
| Bug Blocks: | 1551531 | | |
Description
Adam Mariš
2018-03-05 10:56:34 UTC
Created xerces-c tracking bugs for this issue:
Affects: fedora-all [bug 1551527]

Created xerces-c27 tracking bugs for this issue:
Affects: fedora-all [bug 1551526]

Created mingw-xerces-c tracking bugs for this issue:
Affects: fedora-all [bug 1551528]

Created xerces-c tracking bugs for this issue:
Affects: epel-6 [bug 1551530]

Statement:
Red Hat Enterprise MRG and MRG-Messaging are currently in Maintenance phase. This issue has been rated as having Moderate security impact, and is not currently planned to be addressed in future releases of MRG or MRG-Messaging. For more information, refer to the Issue Severity Classification and the Life Cycle and Update Policies:
https://access.redhat.com/security/updates/classification
https://access.redhat.com/support/policy/update_policies/

Mitigation:
Applications should strongly consider blocking remote entity resolution and/or outright disabling of DTD processing in light of the continued identification of bugs in this area of the library.