Security update for xerces-c SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1121-1 Final 1 1 2016-04-21T09:06:21Z current 2016-04-21T09:06:21Z 2016-04-21T09:06:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xerces-c This update for xerces-c fixes the following security issue: - CVE-2016-0729: Fixed mishandling certain kinds of malformed input documents, that resulted in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (bsc#966822) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html E-Mail link for openSUSE-SU-2016:1121-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libxerces-c-3_1-3.1.1-16.1 libxerces-c-3_1-32bit-3.1.1-16.1 libxerces-c-devel-3.1.1-16.1 xerces-c-3.1.1-16.1 libxerces-c-3_1-3.1.1-16.1 as a component of openSUSE Leap 42.1 libxerces-c-3_1-32bit-3.1.1-16.1 as a component of openSUSE Leap 42.1 libxerces-c-devel-3.1.1-16.1 as a component of openSUSE Leap 42.1 xerces-c-3.1.1-16.1 as a component of openSUSE Leap 42.1 Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. CVE-2016-0729 openSUSE Leap 42.1:libxerces-c-3_1-3.1.1-16.1 openSUSE Leap 42.1:libxerces-c-3_1-32bit-3.1.1-16.1 openSUSE Leap 42.1:libxerces-c-devel-3.1.1-16.1 openSUSE Leap 42.1:xerces-c-3.1.1-16.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html https://www.suse.com/security/cve/CVE-2016-0729.html CVE-2016-0729 https://bugzilla.suse.com/966822 SUSE Bug 966822