A stack overflow flaw was found in Apache Xerces by parsing root XML document element DTD definition. Providing a specially-crafted XML file would lead to excessive stack growth and denial of service (crash), when opened by a victim. Upstream patch: --------------- http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch Credit: ------- The flaw was discovered by Jukka Taimisto and Rauli Kaksonen from the CROSS project at Codenomicon Ltd.
This issue affects the versions of the xerces-c and xerces-c27 packages, as shipped with Fedora releases of 10 and 11. This issue affects the versions of the xerces-c package, as shipped within the Extra Packages for Enterprise Linux 4 (EPEL-4) and Extra Packages for Enterprise Linux 5 (EPEL-5) projects. Please fix.
Public now via: http://www.cert.fi/en/reports/2009/vulnerability2009085.html
xerces-c-2.8.0-5.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/xerces-c-2.8.0-5.fc10
xerces-c-2.8.0-5.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/xerces-c-2.8.0-5.fc11
xerces-c27-2.7.0-8.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/xerces-c27-2.7.0-8.fc11
xerces-c27-2.7.0-8.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/xerces-c27-2.7.0-8.fc10
xerces-c-2.7.0-8.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/xerces-c-2.7.0-8.el4
xerces-c-2.7.0-8.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/xerces-c-2.7.0-8.el5
This issue affects the versions of Xerces-c package, as shipped with Red Hat Enterprise MRG 1.1 for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5.
Official statement from Red Hat Security Response Team regarding this issue: ---------------------------------------------------------------------------- The Red Hat Security Response Team has rated this issue as having low security impact, a future Xerces-c package update may address this flaw in Red Hat Enterprise MRG 1.1. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
xerces-c27-2.7.0-8.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
xerces-c-2.8.0-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
xerces-c27-2.7.0-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
xerces-c-2.8.0-5.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
xerces-c-2.7.0-8.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
xerces-c-2.7.0-8.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
Should be closed now, I suppose.
We actually do want to keep this open for bit longer, as xerces-c is shipped as part of some products, but due to the impact of the flaw itself and impact on particular product, updates are not expected to go out immediately. So I will re-open, feel free to un-CC yourself, as all you care about is fixed by now. Thank you!
Ok, understood. Feel free to do everything you need with this ticket :)
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.