[ MDVSA-2011:108 ] xerces-j2



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:108
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xerces-j2
Date : June 13, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in xerces-j2:

Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE)
in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update
20, and in other products, allows remote attackers to cause a denial
of service (infinite loop and application hang) via malformed XML
input, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2625).

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
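
A manual version of the checksum step that urpmi performs automatically, as an added example that is not part of the Mandriva advisory. `verify_manifest` is a hypothetical helper; it assumes a manifest of `<md5> <relative path>.rpm` lines, the layout Mandriva advisories use for their package listings, and a directory of downloaded files. MD5 only catches corruption, so authenticity still rests on the package's GPG signature.

```shell
# verify_manifest MANIFEST DIR  (hypothetical helper, added example)
# Returns 0 if every listed file present in DIR matches, 1 on any mismatch,
# 2 if none of the listed files was found in DIR.
verify_manifest() {
    manifest=$1; dir=$2
    checked=0; bad=0
    while read -r sum path rest || [ -n "$sum" ]; do
        # Accept only "<32 hex digits> <something>.rpm"; skip headings and blanks.
        case $sum in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ "${#sum}" -eq 32 ] || continue
        case $path in *.rpm) ;; *) continue ;; esac
        name=${path##*/}    # listed paths are mirror-relative; match on file name
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP      $name (not downloaded)"
            continue
        fi
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$(printf '%s' "$sum" | tr 'A-F' 'a-f')" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
    return 0
}

# Constructed demo: a stand-in file and a manifest line built from its real sum.
demo=$(mktemp -d)
printf 'constructed stand-in, not a real package\n' > "$demo/example-1.0-1.noarch.rpm"
good=$(md5sum "$demo/example-1.0-1.noarch.rpm" | cut -d' ' -f1)
printf 'Example group:\n%s demo/noarch/example-1.0-1.noarch.rpm\n' "$good" > "$demo/manifest.txt"
verify_manifest "$demo/manifest.txt" "$demo"
```

Once the checksums match, `rpm --checksig` on each file checks the package signature itself, provided the Mandriva key has been imported into the RPM keyring.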

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN9fgnmqjQ0CJFipgRAmspAJ0Ylvf3cIGVxgWJThqUjCCElt52QgCeJKRh
TzRhRpoAIyy00Twg1G8t8Mk=
=0/P6
-----END PGP SIGNATURE-----


