Oval Definition:oval:com.redhat.rhsa:def:20160430
Revision Date:2016-03-10Version:638
Title:RHSA-2016:0430: xerces-c security update (Important)
Description:Xerces-C is a validating XML parser written in a portable subset of C++.

  • It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2016-0729)

    Red Hat would like to thank Gustavo Grieco for reporting this issue.

    All xerces-c users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using Xerces-C must be restarted for the update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-0729
    RHSA-2016:0430
    RHSA-2016:0430-00
    RHSA-2016:0430-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • xerces-c is earlier than 0:3.1.1-8.el7_2
  • AND xerces-c is signed with Red Hat redhatrelease2 key
  • xerces-c-devel is earlier than 0:3.1.1-8.el7_2
  • AND xerces-c-devel is signed with Red Hat redhatrelease2 key
  • xerces-c-doc is earlier than 0:3.1.1-8.el7_2
  • AND xerces-c-doc is signed with Red Hat redhatrelease2 key
    • BACK