CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
92.3%
CentOS Errata and Security Advisory CESA-2015:1193
Xerces-C is a validating XML parser written in a portable subset of C++.
A flaw was found in the way the Xerces-C XML parser processed certain XML
documents. A remote attacker could provide specially crafted XML input
that, when parsed by an application using Xerces-C, would cause that
application to crash. (CVE-2015-0252)
All xerces-c users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-June/083390.html
Affected packages:
xerces-c
xerces-c-devel
xerces-c-doc
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1193
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | i686 | xerces-c | < 3.1.1-7.el7_1 | xerces-c-3.1.1-7.el7_1.i686.rpm |
CentOS | 7 | x86_64 | xerces-c | < 3.1.1-7.el7_1 | xerces-c-3.1.1-7.el7_1.x86_64.rpm |
CentOS | 7 | i686 | xerces-c-devel | < 3.1.1-7.el7_1 | xerces-c-devel-3.1.1-7.el7_1.i686.rpm |
CentOS | 7 | x86_64 | xerces-c-devel | < 3.1.1-7.el7_1 | xerces-c-devel-3.1.1-7.el7_1.x86_64.rpm |
CentOS | 7 | noarch | xerces-c-doc | < 3.1.1-7.el7_1 | xerces-c-doc-3.1.1-7.el7_1.noarch.rpm |